Embracing Anticipatory Identity Product Design and Experiences

Technology is changing every aspect of our lives. The recent global pandemic has spotlighted the importance of technology for interpersonal connections and business continuity. And we are more reliant on technology now than we’ve ever been. But, businesses have known for years that not just any technology is critical to growth. It’s technology that truly transforms our day-to-life for the better, without adding complexity. 

The more complex a new technology is, the more likely a person will avoid using it – no matter how impactful its capabilities may be. This is especially true in the realm of cybersecurity. Security and identity solutions must take the user experience into account, which is why Security-as-a-Service software has leaned heavily toward intuitive experiences in recent years. Intuitive design has become the industry norm. But is there something better? Is there a way to step beyond an intuitive experience and offer people what they need before they even realize they need it?

The Emergence of Anticipatory Product Experiences

There is a better approach that our industry can take, and it’s not exactly a new idea. Its roots run deep in the product design community and stem from a concept that has been around for years called Anticipatory Design. It’s a different way to approach how we – as technology innovators – create and define the user experience.

89% of successful businesses acknowledge that anticipating customer needs and providing assistive experiences along the customer journey is crucial to success. Anticipating customer needs provides more than just a good user experience. It alters the way their world operates, the way they communicate, collaborate, and connect. It provides a transformative experience that changes essential aspects of their day-to-day life for the better.

What is Anticipatory Design? 

Anticipatory Design takes the intuitive experience to the next level. Building on this concept, the security community can transform our industry. We can go beyond intuitive interaction by providing software solutions that solve problems before they are even realized. This concept builds upon intuitive design by becoming contextually aware of user activity.

With this awareness, software can present relevant information, suggestions, or actions targeted toward the user’s needs in the moment.  It simplifies the user interface and eliminates the downtime required to analyze new information or make a decision. This type of design not only reduces frustration – it improves the overall user experience.

Improving the Identity Experience

Cumbersome identity solutions cause friction and slow adoption. By embracing anticipatory design, identity software vendors can eliminate the typical application bottlenecks and deliver a seamless experience to end-users and admins alike. But anticipating behavior isn’t easy. It requires mindful product development and a holistic understanding of how people interact with your product at every level.

Today, machine learning (ML) and artificial intelligence (AI) have made it easier than ever to build these types of experiences into our products. ML allows the system to learn from user behavior and understand the context of user activity. With this contextual understanding, the system can then automatically suggest the next step in a workflow. And by taking into account environmental concerns – such as policies and controls along with user activity – it’s possible to deliver data-driven predictions and suggestions to streamline workflows and minimize frustration.

Designing the Identity Cloud for the Future

The Saviynt EIC (Enterprise Identity Cloud) has anticipatory experience built-in across the platform. Its five products work best together, but anticipatory functionality is seamless throughout the offering. The EIC uses automation and intelligent analytics to increase efficiency and ensure the right user privileges are in place. 

These recommendations and cross-checks help organizations keep up with the pace of business. By placing information at the decision-maker’s fingertips, admins can fast-track smarter decisions. Workflows such as user access requests, automated approvals, and certifications cross-checks all stand to benefit from anticipatory product design.

Offering Access Recommendations

A Remediate survey shows that over half of businesses think access management takes too long, even if they have an existing software solution. For example, users often waste significant time trying to decide what access they need. And even when users know exactly what to request, their choice may not be the right fit for their role – resulting in excess permissions. Anticipatory solutions drive efficiency by assisting the user before they even begin to look for help.

Let’s consider a user attempting to access Salesforce without an account. They typically start hunting for permissions in Salesforce and make an access request without context into the proper permissions for their role. So they end up asking for permissions beyond their needs. 

An anticipatory solution will note that the user is attempting to access Salesforce and offer to create an account with permissions appropriate for their needs based on contextual user information, such as their department and title. This not only streamlines the user experience but it also ensures proper permissioning. 

Managing Endpoint Access Risk

According to Verizon Research, 30% of breaches stem from internal actors. Managing their access is about more than assigning permissions. It requires accounting for risk and determining what is necessary to grant access. Part of this calculation should account for the endpoint risk from which they request access – and what happens “if” access is granted. This anticipatory response considers the what-if scenario and then makes recommendations based on that information. 

Endpoint asset risk is crucial because it sets the foundation for all actions taken moving forward. Consider when you need privileged access or are an administrator for a server. In this case, the level of risk depends on multiple factors. If you log in from a personal device, and that device is behind on patches or using an untrusted network, it creates a high-risk situation. This context is evaluated along with the risk associated with the asset and the risk from the user. User risk takes into account their existing access, account existing policies, and organizational controls in place. Without this information, data could be compromised in transit and at the endpoint, even if the access would typically be appropriate.

Auto Approvals Reduce Rubber Stamping

Within Identity Governance and Administration (IGA) and Privileged Access Management (PAM), the approvals process can be streamlined with anticipatory design to reduce rubber stamping. By evaluating the context of the identity, a solution can make intelligent risk-based decisions. This information pulls together user risk, endpoint risk and asset risk. Doing so helps to set a threshold for auto-approval. Artificial intelligence (AI) and machine learning (ML) ingest and process all of this information accordingly. 

Consider a vendor needing access to do routine system maintenance. They require limited administrative access, scoped explicitly for this task. Using AI/ML, the solution learns this vendor was granted scoped privileged access multiple times; therefore, the request is auto-approved. This streamlines the requestor’s access and saves the approver from having to review this low-risk request.

Verification & Certification Cross Checks

Anticipation can also come into play determining access retention. In the certification process, decision-makers verify existing access to assess appropriateness. The traditional spreadsheets and managerial reviews make this time-consuming and complicated — making the risk of rubber-stamping increases for repetitive tasks. Removing access is avoided on the assumption it will be requested again. This leaves the organization with excessive access issues or halts productivity. 

An anticipatory system reviews usage and leverages peer analytics to offer contextual information and risk level. The approver sees this cross-checked against policies and regulations to ensure the roles and permissions are appropriate. Placing this information at the approver’s fingertips provides clear guidance on what is needed vs. what is excessive. This way, they can quickly and efficiently make reasonable choices without over or under-permission a user – reducing wasted time and frustration for both approvers and users.

Transforming Tomorrow, Today

Anticipatory experience does more than just reduce difficulty. It’s a better approach that helps organizations turn identity security into a business enabler. It goes beyond intuition and streamlines the entire identity management lifecycle. And ultimately alters how security operates by providing a transformative experience that increases agility and improves productivity across an entire organization.