- Identity Jedi Newsletter
- Posts
- The 40th Edition of the Identity Jedi Newsletter
Wednesday 6/21/23 - Identity Jedi Newsletter - Subscribe
Hey Jedi welcome to the 40th edition of the Identity Jedi Newsletter. It’s been a while since I’ve done a Special Edition Newsletter, and this topic is well worth it.
STATUS UPDATE: We are 5…that’s right 5 subs away from 500!!! You know what to do. HIT THE REFERAL LINK!
The AI and IAM Special Edition
I’m diving deep into the world of AI and IAM and what I think it means for the future of this industry. I’ll post links to some research areas and other deep-dive things you may find useful.
Let’s do it!
What is AI?Let’s start from the beginning and ensure we understand what it means to say Artificial Intelligence( A.I). For now, I will need you to forget about the SCI-FI movies you’ve seen, and let’s look at this objectively. Okay, so let’s define some terms first. ( See the Deep Dive Links for more info). I like the definition by Stanford Emeritus John Mcarthy that AI is the “science and engineering of intelligent machines.” Since we invented the computer, we have been on a collision course to make machines that could solve problems faster and, in some cases, better than we can. To do so, we had to look t the fundamental way we solve problems. Said differently, we had to understand ourselves first so that way we could “teach” it to a machine. Think about how we teach children. Children are constantly taking in the inputs around them from the time they are born. Sights, sounds, etc. They are building a database of things and begin labeling them over time. They recognize patterns, and those patterns shape behavior. Of course, they have help on the way; adults will help them label what something or someone is. They will provide corrective feedback when needed, but over time the child learns enough from their surroundings to seek input and learn new things. That’s pretty much what machine learning is. Giving computer access to data to learn what these objects are. But also, it can begin to recognize patterns; once it sees a piece of data and recognizes a pattern, it can respond accordingly. And just like with human beings, the more data a computer receives, the better it can respond. ( Well, some humans…) Ok, so with machine learning, we have the ability to teach a computer to recognize patterns based on data we give it, allowing the computer to take actions based on that recognition and therefore showing intelligence. Sooo why haven’t we don’t this with IAM? It’s full of patterns and data, right? This would be an obvious use case for applying this type of technology.
| Deep Dive Links |
IAM and AI: A brief history
To date, IAM’s relationship with AI has been a rocky one. While it was all the rage to market about 5 years ago the actual value we saw out of that was pretty much zero.
But why?
A couple of reasons.
1) The AI market wasn’t as tool-rich as today. The skillset of building machine learning models has improved drastically over the past five years.
2)You needed to be a data scientist to create this stuff at one point. You still do today, but the creation of tools has made it easier. But you do need to understand data science, modeling, and (gasp) mathematics. Not too far of a bridge to cross if you’ve got a background in computer science, but if you’re in the industry through an IT or nontechnical path altogether, it might be like trying to learn a foreign language.
3) Also, consider that IAM wasn’t a cool place to be. Machine learning was used to map human genomes and create fake online girlfriends/boyfriends; why would a data scientist want to get into identity? Especially when, as an industry, we didn’t grasp what it takes to build an environment that supports it.
So we get a lot of hype and not a lot of value. We were on the right track, though. We saw many features around clustering and profiling that allowed us to grasp better where access was being assigned, but we miscalculated that feature's value.
Remember, machine learning starts with giving a computer data and allowing it to find patterns. THEN applying actions based on those patterns. So showing user clusters of access was just the first step in showing pattern recognition. So, a clustering feature for a user was underwhelming because it only took half the step into the world of machine learning. Customers were left with a lot of hope and very little value. It made for great marketing and demo content, though.
We got stuck in this world of Data Analytics and became obsessed with crunching numbers and showing pretty statistics and charts. And “AI” became “Analytics”, and it all became snake oil.
IAM And AI: The present
So that brings us to today. Currently, AI and IAM are on a “break”. They’ve both decided to see other people for a while and decide what they truly want in a partner. But every now and then, they are down for a sneaky link here and there.
While IAM platforms don’t market it near as heavily as they did in the past, this recent wave of AI craze has every single product team talking about how they can utilize AI within their platform. Now some will go for the cheap right and throw a ChatGPT plugin into their product and call it a day. And while that may offer some value ( I doubt it), the real product teams will dive into the world of AI and study what tools and capabilities are available today that can provide actionable real data to users in IAM platforms. All of the major cloud providers have a suite of tools available to developers allowing them to take advantage of ML models and training datasets. OpenAI has shown the world the power of a Large Language Model ( LLM). ( See Deep Dive links for more info about LLM). Turns out computers are really good and taking large amounts of data, finding patterns, and producing artifacts based on those patterns. So the real product teams are currently learning all they can about data science, machine learning and researching what patterns in identity can easily be solved with this approach. They are having strategic conversations with their engineering team to see how they can build teams to embrace this new world. If they aren’t, well, we all know what happened to the dinosaurs.
IAM and AI: The future
A.I. is here, and it’s not going away anytime soon. I believe it’s the next evolution of technology and will usher in a new way we interact with the world.
Scary? Absolutely. But so were electricity, cars, planes, and any other advancement we can think of. Change is always scary. We must use that fear to build responsibly and with caution.
IAM is destined to be AI-driven; its very nature is data and pattern recognition. “User has X. Therefore they can do Y.” “ User A present B. Therefore I know they are User A.” Digital identities are, to an extent, the digital representation of a user. Users have recognizable behavioral patterns. What applications they access, how fast they type, the cadence in which they type, etc.
The IAM platforms of tomorrow build and respond to trained models around identities. They react in real-time to deviations and present outliers for further investigation. They aren’t seen as administrative tools but more so as actionable tools that IAM practitioners use to understand user access. IAM platforms are JARVIS, and IAM practitioners are Tasha and Tony Stark.
IAM becomes an active participant in the security discussion and day-to-day operations of securing data. And I don’t think this future is as far off as one may think.
Identity Jedi Show Podcast
 |  |
The Last Word
Can’t start this without saying thank you to everyone who’s ordered a signed copy of the book! ❤️ THANK YOU. Sincerely from the bottom of my heart! Just waiting for the final sample copy to arrive, and then I’ll begin signing and shipping. Also, I’ll drop the official link to purchase the regular copies, so you can brag to all your friends about the book and that you got a signed copy..lol.
I mean I do this for you!
Final words on AI and IAM. Look, this is inevitable, and it will absolutely change the way we look at use cases today and make some products and their use cases obsolete. Period. If you’re a customer, ask your vendor TODAY what their strategy around this is, and don’t stop until they give you an answer. And if that answer is, “meh, it’s just a fad, not something we think holds a lot of value.” RUN!
We have some work to do with AI. Not just on a technical point either, there’s a valid and real concern around how we legislate this and build it responsibly. I didn't get into it much in this edition, but perhaps in the future. However, big change is coming, and we must be prepared to usher it in.
See ya next week.
Be Good to each other, Be Kind to each other, Love each other
-Identity Jedi
The JEDI COUNCIL
Change to any system brings shockwaves with it. Here’s my take on what the future holds for IAM practitioners.
Subscribe to Identity Jedi Newsletter to read the rest.
Become a paying subscriber of Identity Jedi Newsletter to get access to this post and other subscriber-only content.
Already a paying subscriber? Sign In
Join the conversation