For more information on how cognitive computing supports security, read the more recent blog post, “Elementary, My Dear Watson: Identifying and Understanding Malware With Cognitive Security.” 

A few days ago, IBM CEO Ginni Rometty announced the Cognitive Business initiative. This journey is supported by IBM Watson, the cognitive computing system that understands and learns from natural language.

The name Watson is not an homage to Sherlock Holmes’ friend and assistant Dr. John Watson, but rather to Thomas J. Watson, IBM’s first CEO and industrialist. Thomas Watson once said, “Thought has been the father of every advance since time began,” which became the inspiration behind IBM’s THINK trademark.

How Cognitive Computing Will Impact Identity Governance and Management Practices

My own personal view is simple. I’ve been in the identity management space since its inception. And in my personal experience, regardless of the product you use (and I’ve seen many), for every dollar spent on identity governance software today, there are more than $2 spent on consulting and implementation services. And the overall project risk sits at least 60 to 70 percent in the project execution rather than in the identity governance tool the client selects.

In the future, thanks to cognitive computing, I believe this ratio will change dramatically. Every dollar spent on software — in all probability, on software-as-a-service (SaaS) — will maybe be matched up to $1 on consulting and implementation services. As a result of that shift, project risk will also dramatically decrease.

Today, implementing identity governance focuses on getting different stakeholders aligned on the semantics of their own data. Businesspeople speak their specific function or line-of-business language. Security teams talk about security policies; compliance and risk officers talk about regulations; application owners speak mostly of their beloved applications; and finally, IT people speak the cryptic language of OS, databases and so forth.

We’ve All Seen It, Done It and Know It By Heart

Every stakeholder has knowledge somewhere in natural language: documents, process modeling tools, IT service management tools, technical data sheets, etc. Projects are all (or largely) about first getting everyone on the same page, followed by reading existing documentation, matching the semantics, producing additional documentation and then finally moving everything into a new product.

In essence, we’re reinventing the wheel every time, no matter which identity governance and management product is being used. Right now, this is a definite technology limitation.

Can We Simplify This?

Cognitive computing is all about finding natural language patterns among different content. I do believe that in the next three to five years, IBM will see enormous benefits from our cognitive business solutions and could deliver cognitive-enabled identity governance and intelligence to our customers.

It’s not going to be a fast journey, but only a company this size has the intellectual and financial strength to lead this revolution within security and, more specifically, in the identity governance space. For more information on identity and access management, watch the on-demand webinar, “Protect Your Business-Critical Assets: How to Govern and Audit Access for SAP and the Mainframe.”

Now isn’t that elementary, my dear Cognitive Identity Watson?

More from Artificial Intelligence

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…

Artificial intelligence threats in identity management

4 min read - The 2023 Identity Security Threat Landscape Report from CyberArk identified some valuable insights. 2,300 security professionals surveyed responded with some sobering figures: 68% are concerned about insider threats from employee layoffs and churn 99% expect some type of identity compromise driven by financial cutbacks, geopolitical factors, cloud applications and hybrid work environments 74% are concerned about confidential data loss through employees, ex-employees and third-party vendors. Additionally, many feel digital identity proliferation is on the rise and the attack surface is…

AI reduces data breach lifecycles and costs

3 min read - The cybersecurity tools you implement can make a difference in the financial future of your business. According to the 2023 IBM Cost of a Data Breach report, organizations using security AI and automation incurred fewer data breach costs compared to businesses not using AI-based cybersecurity tools. The report found that the more an organization uses the tools, the greater the benefits reaped. Organizations that extensively used AI and security automation saw an average cost of a data breach of $3.60…