Proceed with Caution: Generative AI in Identity

Read more about author Jackson Shaw.

OpenAI launched generative AI (GenAI) into the mainstream last year, and we haven’t stopped talking about it since – and for good reason. When done right, its benefits are indisputable, saving businesses time, money, and resources. Industries from customer service to technology are experiencing the shift. In fact, a recent study showed a significant increase in GenAI budgets across the board, with close to one-fifth of all healthcare technical leaders witnessing budget growth of more than 300%.

But the hard truth is that many don’t realize those benefits because most GenAI projects fail. There are many reasons for this, ranging from unrealistic expectations to a lack of AI talent to drive the project to concerns with hallucinations and accuracy. While all of these factors are important, there are several identity-specific challenges that make it hard to realize value from GenAI.

Here are several reasons identity leaders may want to think twice before going all in on GenAI initiatives: 

Dirty Data: Your GenAI program is only as good as the data you feed it. Yet, we know that for a majority of enterprises, identity data is disorganized, messy, and outdated. For example, email (50%) was cited as the most popular option for controlling permissions and entitlements among respondents of a recent survey. The old adage “garbage in, garbage out” holds true, and it’s no different with GenAI. If the inputs are incorrect, the AI-generated results will be too, rendering them effectively useless. 

Organizational Silos: One of the biggest challenges for GenAI applications and IT departments alike is bringing data together from numerous disparate systems – including the aforementioned emails and spreadsheets. And once you have this information, is the data correct? In the case of identity, is every employee still current and still in the same position, with the same access and privileges that the data reflects?

Complexity of Data Handling: Generative AI requires large volumes of data to function effectively. Identity governance programs handle sensitive and diverse data sets, including personal and access-related information. Ensuring that GenAI models can process and manage this data while maintaining privacy and security is complex and requires significant effort in data anonymization and encryption.

Accuracy and Trustworthiness: Identity governance demands high accuracy in user identification, access control, and compliance monitoring. GenAI models can sometimes produce inaccurate or unexpected results due to biases in training data or model limitations. Ensuring the AI’s decisions are reliable and trustworthy enough for critical governance tasks is a significant challenge.

Regulatory Compliance: Identity governance programs must adhere to strict regulatory and compliance standards, such as GDPR, HIPAA, and others. Integrating GenAI into these programs necessitates rigorous compliance checks and auditing capabilities. The AI must be transparent and explainable, which is often difficult to achieve with complex generative models, potentially leading to regulatory issues.

The Solution

The moral of the story? It all comes down to the quality and integrity of your data. The single most impactful thing organizations can do, not just for AI but for overall business operations and security, is to get their house clean. Otherwise, the results from GenAI won’t be what you expect, likely costing you time, money, and headaches.

There are certainly products and features that can help with this. The Common Service Data Model (CSDM), for example, is a standardized set of terms and their definitions that can be used with all ServiceNow products. The system acquires all the duplicated platform data across functions such as SecOps, CMDB, and others and organizes it in one central repository. But this takes time, and AI teams still need to dedicate time for data cleansing and governance.

The appetite for GenAI is definitely a catalyst for getting your organizational data in a good place. But keep in mind that even data synchronization tools like CSDM – although a great first step – may not be enough. If you’re up for the challenge of leveraging GenAI in your identity program, that’s great. Just make sure you’re dedicating the time and resources to cleaning your data first.