This piece is by Bruce Esposito, Global IAM Strategy, One Identity
Capgemini’s recent report, The Rise of Agentic AI: how trust is the key to human:AI collaboration, explored current agentic AI deployments across 13 industries, including polling 105 insurance enterprises. The report revealed that, while 93% of organisations believe that they could gain competitive advantage from implementing agentic AI within the next year, just 2% have fully rolled out their AI agents.
Barriers to adoption in the insurance sector include concerns about regulatory compliance, the ability to explain claims decisions that were handled solely by an AI agent, the risk of bias, and ethical considerations.
The pressure to leap into AI
In the past five years IT security professionals have already had to grapple with managing remote and hybrid workforces, and the proliferation of machine identities. Just like their human counterparts, AI agents require access to applications and critical systems. This access also needs to be managed and audited.
Stitching solutions together
Until now, the workforce identity security sector has been populated with numerous discrete products that provide identity and access management (IAM), identity governance and administration (IGA), privileged access management (PAM), Active Directory management (ADM), identity threat detection and response (ITDR) and more. As a result, IT professionals are often required to manage at least a dozen different identity security tools. In response, leading identity security vendors have started to build or acquire additional components of the identity tech stack to offer a cohesive approach.

Addressing Integration fatigue
The problem with the current identity market consolidation is that CIOs tell us that they’re tired of being the integrator. They want integrated solutions off-the-peg, not a patchwork of solutions that they need to stitch together.
This integration challenge is exacerbated by the fact that many IGA solutions and Active Directory management tools are implemented and maintained by separate enterprise teams. If a new IGA solution is implemented by the IT team, then the Active Directory team has to learn that tool and manually control it.
An additional issue with the patchwork approach is that competing vendors’ tools that work well together initially may not integrate quite so seamlessly in the future, as individual tools are upgraded or as the market consolidates and former partners suddenly become competitors.
Disjointed identity tools risk creating blind spots across the enterprise environment, or adding user friction that leads to poor security hygiene, such as users applying insecure workarounds, or simply leaving sensitive applications open. A unified identity approach orchestrates and automates identity-related processes to streamline workflows, improve user experience, and ensure consistent policy enforcement.
Identity Fabric in the Enterprise
There have been four major phases in identity management over the past decade: identity sprawl; identity management point solutions; integration of point solutions; and unified identity management. Most of the largest enterprises have emerged from the first phase and addressed the identity sprawl created through the enablement of remote working, and the move to hybrid, cloud-first and mobile-first environments. The market is currently in the integration phase.
Phase four, where enterprises achieve a unified state of zero-trust network access for all users, devices, machine identities, and AI agents, with all identity tools working seamlessly together, is the next goal. Gartner refers to this as ‘Converged Identity Platforms,’ while KuppingerCole calls this the ‘Identity Fabrics’ approach. I believe that AI will accelerate this phase.
AI as the Abstraction Layer
While agentic AI has brought its own new set of identity management problems, the powerful search functionality of generative AI also offers a solution for overstretched security teams. An abstraction layer acts as an intermediary between applications and identity providers. This allows new applications to connect to the identity fabric, without needing to know the specifics of each identity system.
AI can be leveraged as an interface that knows which systems users need access to and supports a unified zero-trust network access approach.
AI can be used to rapidly query, verify, and provide or deny access, based on the user’s current location and context. LLMs can be taught to understand when user behaviour is anomalous, which can be used to prevent misuse, detect insider threats, and enforce an organization’s joiner, mover, leaver processes.
Reducing Rip and Replace
An advantage of using AI as the abstraction layer is that it can analyse the data contained in each of the IAM, IGA, PAM, AD management, and other components of an enterprise’s identity fabric. This approach extends the investment in existing tools and gets CIOs off the hamster wheel of having to find and implement a new tool to address each new identity management problem.
Who does the Identity Fabric cover?
Insurance companies hold highly sensitive information, are heavily regulated, and operate zero-trust environments, where each and every access request must be verified. Our channel partners underpin everything that we do. They tell us that CIOs in highly regulated industries are looking for market-leading IAM, PAM, IGA, and AD management tools from a single vendor. This provides them with identity tools that integrate right out of the box and provide a long-term security, governance, and compliance solution that won’t come unstuck as the market consolidates.
When your organisation is making the jump into agentic AI, an identity fabric approach eases new technology adoption and migration and maximizes ROI on existing technologies. Each component continues to manage identities, avoiding single points of failure.
