Artificial Intelligence in Information Security

Whether it’s another data breach at a major company or a shift in the way large businesses approach security, recent news continues to highlight the importance of strong identity and access management policies with help from artificial intelligence and machine learning applications. Knowing the threats you may encounter and the protections available can guide you in making the best decisions to secure your systems.

Amazon Data Breach – What You Need to Know

On November 21, 2018, just two days before the Black Friday shopping frenzy, Amazon experienced a “data issue” involving leaked “customer names and email addresses.” According to reported news, the online retail giant blamed the data exposure on a “technical error.” Users affected by the problem were sent a vaguely worded email assuring them there was no need to change their passwords.

Many users assumed the email was a phishing attempt and were baffled. However, even though Amazon is staying quiet about the details, the reported leak was legitimate. No information was forthcoming from the company about the number of people affected or the root cause of the issue, but poor access management is one potential culprit. When permissions are granted beyond a user’s access needs, errors are more likely and hackers have more opportunities to gain entrance into a system.

This leak serves as a reminder to assess permissions and keep access privileges under control in enterprise systems. With so many users interacting throughout the network on the front and back ends, it’s critical to ensure each person only has access to the information and applications necessary to perform essential tasks.

The Rise of Next-Gen IDaaS

As traditional authentication methods lose efficacy, businesses need new ways to address identity management and enforce privilege levels such as the new generation of Identity as a Service (IDaaS) that is available to companies searching for smarter, stronger IAM tools.

For example, Janrain Identity Central provides fresh ways to manage customer identities and sign-on procedures. Companies interacting with large numbers of users on a daily basis can leverage Identity Central’s enterprise-grade tools to improve the customer experience across all access points.

Janrain’s new offering includes tools designed to:

• Handle customer registration and authentication
• Improve customer preference and consent management
• Enable continuous integration
• Set up and maintain single-sign on (SSO) access
• Speed up self-service account recovery
• Centralize policy administration and enforcement
• Improve identity analytics

With these options readily available, companies are better able to monitor customers’ access behaviors to detect and stop fraud, and, deal with bottlenecks leading to registration abandonment.

More IDaaS solutions like Identity Central are likely to arise as customer access management increases in complexity. Companies need IDaaS to ensure a high level of security for sensitive data without hampering the customer experience. Being able to provide straightforward registration options and a seamless transition between applications removes potential barriers and allows customers to interact appropriately while preventing unwanted data access.

Do Enterprises Need AI?

With connectivity no longer limited to in-house networks and the number of internet-ready devices continuing to increase, enterprises need a better way to manage risk levels. Threats are becoming more numerous and sophisticated as hackers adapt to the changing landscape of modern networks. With IoT, BYOD, remote work and cloud-based collaboration becoming the norm, there are a growing number of endpoints at which malicious third parties can gain network access.

To address these changes, companies must be ready to switch from threat prevention to proactive detection and response. Outdated security protocols can’t offer the dynamic tools necessary to protect against numerous modern threats, which is why many businesses are turning to artificial intelligence (AI) and machine learning (ML).

With these sophisticated tools in place, enterprises can build security strategies designed to handle the 750 or more applications running on their networks and the 1,500 users accessing each application throughout the day. AI and ML are better at detecting unusual behavior anywhere on a network and can trigger immediate responses to detect a threat before it turns into a full-blown breach. Because these modern security resources can “learn” which behaviors are normal and which aren’t, enterprises no longer have to rely on periodic software updates to get all the information on new threats. Instead, AI and ML work together to “understand” when something is amiss and launch a defense as quickly as possible.

The smartest thing you can do to ensure your systems and data are protected against the growing number of unique threats from malicious parties is to be alert:

  • continue to watch the changing identity and access management landscape,
  • learn from security breaches in the news,
  • get more information about new solutions as they become available, and
  • implement the most relevant options for your organization.

Sign up for the Identity Management Journal to receive articles and announcements.