If you’ve been awake and conscious over the past several weeks, odds are you have seen some mention of ChatGPT, the newest internet sensation captivating the planet. For those that are not aware, ChatGPT is a new artificial intelligence (AI) tool that lets people type questions to a chatbot that then can reply in a near-authentic response that looks conversational. The tool can remember the entire discussion and uses past questions and answers to inform future answers. ChatGPT selects its answers by having processed huge amounts of data from the internet, so if you ask it to write a letter to your mother on Mother’s Day in the tone of Winston Churchill, it can do a pretty good job of doing just that.
However, ChatGPT itself states “I am not perfect and may not always have the correct answer to every question. Additionally, the information I provide is only as accurate as the data I have been trained on, which has a fixed cutoff date. This means that I may not be able to provide information on recent events or developments that have occurred since the training data was collected,” and highlights the fact that AI still relies on human components as well as requires strong data quality to properly function. The same can be true with how AI is leveraged in identity management, in that it opens a lot of exciting possibilities, while also still needing human intervention to make it work.
3 key lessons that can be applied to any identity management program stemming from the ChatGPT phenomenon
1. People still matter
As with search engines, which many see as the thing that ChatGPT is aiming to disrupt, the person behind the question matters, and so do the people behind the programming of the AI itself. Within identity security, think of artificial intelligence that can recommend access rights that are generated based on access rights across peer groups. In this instance, even though the identity management solution can curate those recommendations based on what other people are doing throughout the network, it still requires human intervention at the onset that can establish who are true peers, what types of access rights and entitlements should be granted based on roles, continually evaluating those roles, and more.
2. Data quality is king
In the example, I listed earlier, where someone is looking for a Winston Churchill stylized Mother’s Day card, if ChatGPT pulls in a litany of fake speeches from Churchill, then the result will not be that accurate and will leave the question asker a bit confused. In identity management, it is not so simple as plugging in a tool, and then out of thin air, there is strong governance, audit controls, and smooth workflows. For an identity management tool to work, there has to be good data that is fed to it, so it can monitor who has access to what, why that access was granted, for how long, and so on. For strong identity management, ingesting data from multiple authoritative sources can get very hairy very quickly, especially if data is stored in different formats or models.
3. AI is not a silver bullet
Many are afraid that ChatGPT means that kids will no longer do their own homework, or that blogs such as this one will be automatically generated. While in some instances this may be true, in most cases, for AI to be fully maximized, it should be delivered alongside humans as a way of optimizing decision making or processes. In identity management, there is a lot of automation.
As with ChatGPT, in order to implement strong AI, you have to know the right questions to ask in order to get the best types of information. In other words, in identity management, AI capabilities still need to be pointed in the right direction by IAM administrators and security leaders. In order to best leverage AI, it needs to be used in conjunction with humans in order to help better decisions get made. AI can be easily used to automate manual and/or repetitive processes, but there will always be room for human intervention when governing the wide swaths of identities that require access to a growing list of cloud-based applications and infrastructure.
Above all, a key takeaway from the latest buzz with AI is that it should be layered on top of strong foundational processes to get the most benefits. For more information on how to confidently implement the core elements of identity governance, check out Omada IdentityPROCESS+, an eBook that highlights how to deploy and scale the core pieces of IGA, including identity lifecycle management, auditing, governance, access management, and more.
