Episode 021: 06‐06‐2024 Go Beyond With AI & Identity - GluuFederation/identerati-office-hours GitHub Wiki
Title: Go Beyond With AI & Identity
- Host: Mike Schwartz, Founder / CEO Gluu
- Guest: Mike Berthold, Senior Solutions Architect Okta
- Co-Host: Gautam Hazari, CTO Sekura.id
Description
AI represents a huge opportunity for digital identity advancement potential: proactive security for organizations, efficient workflow automation for the workforce, faster development, and a better UX for customers. It also greatly enhances the capabilities of bad actors for both common and novel types of attacks. What are the tactical and strategic consideration for identity architects?
Homework
- How AI impacts the SMB threat landscape
- Beyond MFA: Identity is evolving for a complicated world
- CyberArk acquires Venafi for $1.54B, integrating human and machine IAM
- Slides
Takeaways
-
Advances in AI are impacting many areas of identity and security. Some of the impacts we discussed were: deep fake videos, smarter phishing emails, behavioral biometrics, less burdensome workforce access certification campaigns, side channel attacks. Enterprise identity architects must prioritize based on which AI solutions offer the most impact.
-
AI is contributing to the need for a more "continuous" security posture. But enterprise's ability to evaluate policies is not new: even old products like Siteminder and IBM TAM were "Policy Decision Points". For applications to use AI, developers will need to change how they use with the security infrastructure.
-
AI is driving advances in behavorial biometrics. Smart phones present a new opportunity to collect data about people. If it were non-identifying (e.g. gyro data), perhaps it could be useful for authentication without degrading privacy. Although the idea that the device is collecting data to build a behaviorial biometric profile that consumers don't understand might be creepy to some people.
-
LLM's are really good at writing phishing emails (or SMS). But is this an "identity" problem?