Survey Reveals Identity Management Gaps in AI Systems Are Critical for Organizations
Gaps in Identity Management for AI Deployments
The rapid evolution of artificial intelligence (AI) technology brings numerous opportunities but also significant risks, especially in how organizations manage identities. A recent survey conducted by Commvault, in collaboration with IDC, highlights a crucial gap in the identity management frameworks essential for the effective deployment of agentic AI.
Survey Overview
The survey gathered insights from 539 senior IT and resilience decision-makers across North America. It revealed that 90% of respondents acknowledged the urgent need for enhancements in identity management to address risks associated with AI systems. These findings underline the increasing complexity organizations face as they incorporate AI into their operations.
The Rise of Non-Human Identities
One of the most concerning aspects identified in the survey is the proliferation of non-human identities. AI agents, often granted always-on access to sensitive corporate data, can significantly outnumber human identities in the near future. Approximately 58.7% of those surveyed indicated that substantial improvements or a complete redesign of their identity management strategies are necessary to mitigate this trend. The consequences of neglecting these improvements could be dire, potentially leading to security breaches that compromise organizational integrity.
Current State of Identity Management
Among the respondents, only 26.7% reported having advanced dynamic role-based access control (RBAC) suitable for AI and analytics. Additionally, just 24.7% claimed to have documented and rigorously tested their Active Directory and Entra ID capabilities. A staggering 98.4% of participants expressed the urgent need for improved collaboration between IT and security teams; 49.7% stated major enhancements are imperative.
The Importance of Identity Management
Vidya Shankaran, Field CTO at Commvault, emphasized that AI's transformative impact on organizational operations, decision-making, and risk management requires a reevaluation of identity management systems. Shankaran noted, "Existing systems are ill-equipped to govern the burgeoning population of AI agents, machine identities, and automated workflows. Identity management is a critical Tier 0 application necessary for ensuring organizational confidence in recovery efforts."
Broader Resilience Challenges
The research also drew attention to a generalized resilience challenge, revealing that 57.7% of organizations surveyed have yet to define their Minimum Viable Business (MVB). This lack of clarity affects recovery orchestration capabilities and overall cyber-resilience. The growth of Resilience Operations (ResOps) emerges as a necessary operational discipline, merging business, security, infrastructure, and recovery teams with the goal of maintaining seamless business operations during disruptions.
ResOps: A Key to Organizational Fortitude
As outlined by Frank Dickson from IDC, ResOps is poised to transition from an emerging field to an essential enterprise capability within the next three to five years. Organizations building governance structures, refining technical capabilities, and enhancing testing protocols today will be better equipped to navigate future disruptions, safeguard customer data, and maintain competitiveness in a challenging threat landscape.
Preparing for the Future
To help organizations gauge their readiness levels, the IDC Cyber Readiness Assessment, also sponsored by Commvault, enables companies to evaluate their cyber resilience maturity effectively. The assessment identifies essential areas needing improvement, allowing organizations to bolster their identity, protection, detection, response, and recovery mechanisms based on insights gleaned from the survey.
Conclusion
The increasing complexity and demands of modern technology necessitate that organizations adapt their identity management practices accordingly. With AI poised to significantly reshape the corporate landscape, ensuring robust identity governance will be vital to mitigate risks effectively. Companies must prioritize investment in identity management systems and collaborate closely with IT and security teams to safeguard their operations against emerging threats, thereby achieving a state of readiness for the future of business.