The Bots are Coming, So How do We Control Them?

Mike Kiser, Sr. Security Strategist, SailPoint
content-image

Mike Kiser, Sr. Security Strategist, SailPoint

Want to know what the weather will be like today or the score of last night’s game? If asking your personal virtual assistant is your first port of call, you’re not alone–the explosion of virtual assistants in home environments underscores the reality that software applications are weaving themselves into the fabric of not only our personal lives, but also into our working lives.

Virtual assistants, and other “bots”, are experiencing a wave of popularity within today’s enterprises. From customer service chatbots, to order fulfillment, to making travel bookings for employees–the ability of bots to speed up and simplify such internal processes has many organisations looking to adopt this technology sooner than later.

However, as with many technologies, bots present both powerful opportunities and a significant challenge when it comes to identity governance.

Bots vs. identity

The wave of bot adoption provides an opportunity for identity to become more intuitive and pervasive within a business. Bots can be used to facilitate interaction between the business user and the identity infrastructure in the form of chatbots or other human-like request processors. This may allow business users to obtain reporting and analytics from the business more rapidly. For instance, the ability to check-in on the progress of a given certification campaign can be done with very little human effort.

Bots may also be more involved in the actual process of governance itself, for example through bot-facilitated access requests.

The wave of bot adoption provides an opportunity for identity to become more intuitive and pervasive within a business

This would allow for governance controls to be controlled and customised centrally to rapidly meet the needs of the end business user, with little human intervention. The actual process of identity governance would then be improved, just as other activities are seeing the benefit of bot adoption.

Bots as identities

With such a potentially large wave of adoption, the potential for bots to be used without appropriate identity governance is significant. Automation programs that create bots ad hoc, for example, could present a real problem for businesses if they fail to ask the right questions and monitor such programs in the first place. In the face of rushed early adoptions, it’s crucial to ensure that identity standards are being met if businesses want to sustainably stay ahead of the curve.

Despite there being many new and promising bot-based initiatives, the use of models that have already been proven in production is one way to ensure success. Most often, this will mean treating bots in the same manner as contractor-based identities, where a dedicated bot repository is established in the same way it would be if the bot were a contractor. As they are created, modified, or eliminated, this repository must be updated, and that information subsequently brought into the identity governance solution. This also means applying time-based access and the application of policy to ensure tight restrictions on their capabilities within the environment.

Bots need to be controlled in the same way other identities are controlled, meaning that their actions should be confined strictly within set boundaries. Analytics may also be deployed to ensure that they have not been repurposed and are fulfilling their expected function. While one of the greatest benefits of bots is that they allow human effort to be lessened, human oversight of bots is still key to good governance, so every bot must (once again like a contractor) have a real-world person who is ultimately responsible for their governance.

The rapid rise in the use of bots throughout organisations grants identity programs a chance to be enhanced, while also introducing a new class of identities to govern. By being proactive, asking the right questions, and using proven governance models, identity can be utilised to retain governance and oversight while openly welcoming the rapid adoption of this new technology.

tag

virtual assistant

Read Also

Digital Hands, Human Focus: Rethinking Productivity with Automation and AI

Digital Hands, Human Focus: Rethinking Productivity with Automation and AI
Samuel Budianto, Head Of Information Technology, Time International
Transforming Cybersecurity Leadership in Critical Industries

Transforming Cybersecurity Leadership in Critical Industries
Joel Earnshaw, Senior Manager, Cybersecurity, Perenti
The Blueprint behind Modernizing Branch Networks

The Blueprint behind Modernizing Branch Networks
Ronaldo S. Batisan, Senior Vice President - Branch Channel Management Head Of Union Bank Of The Philippines
The Blueprint behind Modernizing Branch Networks

The Blueprint behind Modernizing Branch Networks
Ronaldo S. Batisan, Senior Vice President - Branch Channel Management Head Of Union Bank Of The Philippines
Meeting Business Travel Demands with Intelligent Platforms

Meeting Business Travel Demands with Intelligent Platforms
Zamil Murji, Chief Technology Officer, Corporate Travel Management – Asia
From Friction to Function: How Winc Turned Customer Feedback into Business Growth

From Friction to Function: How Winc Turned Customer Feedback into Business Growth
Cara Pring, Digital & Cx Director, Winc Australia
Why Contact Centres are Becoming Strategic Hubs for Social Insight

Why Contact Centres are Becoming Strategic Hubs for Social Insight
Cindy Chaimowitz, GM Wholesale & Customer Service and Karen Smith, Head of Customer Service, Foodstuffs North Island
Why Compliance Needs a Seat at the Strategy Table

Why Compliance Needs a Seat at the Strategy Table
David Koh, Head, Legal & Compliance (Singapore) and Operational Risk Management Country Lead, Perpetual Limited