Managing agentic AI identities a key for security, say experts
Governance and identity are essential to staying out of agentic AI trouble, Appfire engineering director says.
• less than 3 min read
Eoin Higgins is a reporter for IT Brew whose work focuses on the AI sector and IT operations and strategy.
IT is having an AI identity crisis.
As agentic AI solutions become ubiquitous within organizations, how they function within existing systems can create cybersecurity complications. It’s a new spin on identity access management (IAM), where the users who need monitoring now include virtual agents.
In order to govern processes, said Appfire Director of Engineering Surya Mereddy, it’s important to establish visibility into the different aspects in your organization, including AI.
“If you’re not thinking about your governance within your organization and how you’re going to leverage AI and how it’s going to be implemented, you’re going to be in a lot of [trouble] in the future,” Mereddy said.
Moving forward. The first step is to assign identities to agents working within your systems and then manage them as needed. Kevin Paige, CISO at ConductorOne, told IT Brew that in the hybrid world of today’s tech industry, there are multiple layers of security to consider. IAM now involving AI agents presents an ongoing challenge for IT pros who handle virtual environments.
“These abstraction layers, the data that’s running on top of them, and all the AI that’s going to be running—how are we really thinking about providing identity to those layers, how are we managing access?” Paige said. “In the future, as we go forward, it becomes even more important than it is today.”
Last summer, IT Brew spoke to Cisco SVP and GM of Infrastructure and Security Tom Gillis about agentic AI and IAM. Gillis said that establishing the difference between a virtual and real user is an important first step.
“Having the ability to even just identify an agent and distinguish an agent from a human is something that is really, really important,” Gillis said.
Take a look. That visibility, Paige said, leads to better governance policies for organizations. Task-based access for agents and automated access for human users is a good way of making things clear. Combine that with life cycle limitations and tracking of non-human identities (NHIs) and you have a good start.
“Those probably are the three things to do to figure out your strategy for workplace management of all your identities,” Paige said.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.