
The Bots are Coming, So How do We Control Them?
By Mike Kiser, Sr. Security Strategist, SailPoint


Virtual assistants and other “bots” are experiencing a wave of popularity within today’s enterprises. From customer service chatbots to order fulfillment to travel bookings for employees, the ability of bots to speed up and simplify such internal processes has many organisations looking to adopt this technology sooner rather than later.
However, as with many technologies, bots present both powerful opportunities and a significant challenge when it comes to identity governance.
Bots vs. identity
The wave of bot adoption provides an opportunity for identity to become more intuitive and pervasive within a business. Bots can be used to facilitate interaction between the business user and the identity infrastructure in the form of chatbots or other human-like request processors. This may allow business users to obtain reporting and analytics from the business more rapidly. For instance, checking in on the progress of a given certification campaign can be done with very little human effort.
Bots may also be more involved in the actual process of governance itself, for example through bot-facilitated access requests. This would allow governance controls to be managed and customised centrally to rapidly meet the needs of the end business user, with little human intervention. The actual process of identity governance would then be improved, just as other activities are seeing the benefit of bot adoption.
Bots as identities
With such a potentially large wave of adoption, the risk of bots being used without appropriate identity governance is significant. Automation programs that create bots ad hoc, for example, could present a real problem for businesses that fail to ask the right questions and monitor such programs in the first place. In the face of rushed early adoptions, it’s crucial to ensure that identity standards are being met if businesses want to sustainably stay ahead of the curve.
Despite there being many new and promising bot-based initiatives, the use of models that have already been proven in production is one way to ensure success. Most often, this will mean treating bots in the same manner as contractor-based identities, where a dedicated bot repository is established in the same way it would be if the bot were a contractor. As bots are created, modified, or eliminated, this repository must be updated, and that information subsequently brought into the identity governance solution. This also means applying time-based access and policy to ensure tight restrictions on their capabilities within the environment.
Bots need to be controlled in the same way other identities are controlled, meaning that their actions should be confined strictly within set boundaries. Analytics may also be deployed to ensure that they have not been repurposed and are fulfilling their expected function. While one of the greatest benefits of bots is that they allow human effort to be lessened, human oversight of bots is still key to good governance, so every bot must (once again like a contractor) have a real-world person who is ultimately responsible for their governance.
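The controls described above (a bot repository, time-based access, policy boundaries, analytics for repurposing, and an accountable person) can be checked mechanically. The following is an added example, not code from the article or from any SailPoint product; the record fields, entitlement names and policy table are constructed assumptions.

```python
from datetime import date

# Constructed policy: entitlements each bot function may hold (hypothetical names).
POLICY = {
    "travel-booking": {"travel.book", "calendar.read"},
    "order-fulfillment": {"orders.read", "orders.update"},
}

# Constructed bot repository records, modelled on a contractor register.
BOT_REPOSITORY = [
    {"id": "bot-001", "function": "travel-booking", "owner": "a.jones",
     "access_expires": date(2030, 1, 31),
     "entitlements": {"travel.book", "calendar.read"},
     "observed_actions": {"travel.book"}},
    {"id": "bot-002", "function": "order-fulfillment", "owner": None,
     "access_expires": date(2020, 6, 30),
     "entitlements": {"orders.read", "orders.update", "hr.read"},
     "observed_actions": {"orders.read", "hr.read"}},
]

def audit_bot(bot, today, active_staff):
    """Return governance findings for one bot record."""
    findings = []
    allowed = POLICY.get(bot["function"], set())
    # Every bot needs an accountable human who is still with the organisation.
    if bot["owner"] not in active_staff:
        findings.append("no-accountable-owner")
    # Time-based access: an expired grant must be renewed or removed.
    if bot["access_expires"] < today:
        findings.append("access-expired")
    # Entitlements beyond the policy for the bot's declared function.
    for ent in sorted(bot["entitlements"] - allowed):
        findings.append(f"excess-entitlement:{ent}")
    # Activity outside the declared function suggests repurposing.
    for act in sorted(bot["observed_actions"] - allowed):
        findings.append(f"out-of-scope-activity:{act}")
    return findings

def audit_repository(bots, today, active_staff):
    """Map bot id -> findings, listing only bots that need attention."""
    report = {b["id"]: audit_bot(b, today, active_staff) for b in bots}
    return {bot_id: f for bot_id, f in report.items() if f}

if __name__ == "__main__":
    staff = {"a.jones", "m.patel"}
    for bot_id, f in audit_repository(BOT_REPOSITORY, date(2025, 1, 1), staff).items():
        print(bot_id, f)
```
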
The rapid rise in the use of bots throughout organisations grants identity programs a chance to be enhanced, while also introducing a new class of identities to govern. By being proactive, asking the right questions, and using proven governance models, identity can be utilised to retain governance and oversight while openly welcoming the rapid adoption of this new technology.