For nearly 20 years, RSA has employed behavioral analytics and machine learning to help our customers strengthen identity confidence with both real-time and historical context on user authentication patterns in their environments. With this context, authentication and access systems can make more intelligent decisions on risk to improve security without impacting end user productivity or convenience.

In that time, I’ve heard all kinds of questions about how our model works: what does our risk engine look for? How does it weigh one variable against another? Can I see the math? Can I modify the weightings?

Those always struck me as reasonable questions: our customers are some of the most secure organizations on earth. They’ve always prioritized cybersecurity and only work with vendors that can keep their IP, employees, and work secure.

Allowing machine learning algorithms to have any say in assessing risk or coordinating responses represented a significant change 20 years ago. But now, those questions take on even greater urgency. AI—or at least what marketing departments call AI—is becoming more available than ever. AI is driving cars, winning art competitions, and trying to get one reporter to leave his spouse.

It’s noisier than ever for human users evaluating AI. And that’s a shame, because I’ve seen real results in using intelligence in identity to create stronger security postures. But getting there is harder than just asking ChatGPT.

How AI can keep organizations more secure

That’s why next week’s Gartner IAM Summit is coming at such at an important time. The role of identity is evolving, with more users, devices, entitlements, and environments than ever. That’s leading to new risks and threats that organizations must address.

And AI can be a major asset in helping organizations adapt to those new challenges. At the Gartner summit, I will be revealing some of the many lessons that RSA has learned over 20 years of using risk intelligence to enhance user assurance.

What’s clear is that risk-based authentication can help organizations meet both their security and convenience objectives. “Risk-based” doesn’t mean taking on more risk—it just means addressing that risk in different ways.

If done correctly, the use of context, analytics, and insights to complement traditional authentication and access techniques can help businesses foster smarter, stronger security. And doing that at scale will allow organizations to move closer towards a zero-trust architecture. But getting the model correct takes real expertise: as much as AI has changed over the last 20 years, the “garbage-in-garbage-out” rule still applies. Organizations need to find vendors that know what information to use in their models and also need to know how to interpret outputs.

One last thought: an organization can get stronger security, better results, and smarter AI by applying intelligence across its identity universe. At the Gartner IAM Summit, I’ll explain the spectrum of identity risk, and how AI can learn from and secure vulnerabilities in enrollment, lifecycle, and governance in addition to just authentication.


Want to hear more? If you’re traveling to the Gartner IAM Summit, join Dave Taku’s session, “Intelligent Identity in the AI Era” on March 20 at 3:15 PM in Dallas 7.

Make sure to visit RSA at Booth 417 to learn more about our identity platform and demo RSA solutions.