Skip to Content
Technical Articles

Intelligent Access Control for the Intelligent Enterprise using Machine Learning

Future compliance solutions will be based on intelligent technologies that leverage data-driven insight to drive automated decisions and actions.

Like SAP governance, risk and compliance solution (GRC), there are many other compliance solutions exists in the market, and the purpose is all about managing the access “Who has access to what?” Start from requesting access to finally getting access to many parties involved. The Requestor must repeat the role search mechanism for each user with different role search attributes to get the desired results, there is no mechanism to provide recommendation or prediction to the requestor for the required roles.

Also, in the customer landscape, a very limited number of approvers/compliance administrators perform this task to verify thousands of access requests which results in millions of line-items to check and approve. Chances of errors are very high due to the high volume of data and the ability of the human brain to identify patterns or suspicious requests from this dataset. But the solution which is based on machine learning predicts the appropriate decision for that request and based on the approvers/administrator history which requests need more attention than others and suggesting mitigation measures in case of risk. In this case, starting from the requester till final approval each party will get data-driven insights to automate the majority of the decisions while focusing on more critical requests.

  • Data-driven insights help to identify any suspicious access request.
  • Increase efficiency and confidence of the approver as the decision is based on facts.
  • Reduced approval process time results in the end-user can start working on his/her task in less time.
  • Easy to identify unnecessary role assignments that can reduce fraud.
  • Involving requester in the decision-making process by providing insights while requesting for access.

 

Problem Statement

Existing Access Control solutions in the market like SAP Access Control is all about managing the user access, where access request creation/approval is the daily task for designated employees as requester/approver/role owners/security in the organization.

The number of line-items the approver reviews to take a decision on request can be more than 1K. This action can be Approve/Remove for each line item, the process is manual and time-consuming, providing sensitive authorization or unnecessary roles, delay in processing the request leads to various issues like risk, fraud, audit failure, etc.

Below you can see the scale of problem-based in the mid-size industry, the problem grows exponentially for the large-size industry when system/users/roles increase.

 

Proposed Solution

The machine-learning-based solution is to leverage the intelligent technologies to provide data-driven insights to drive automated decisions and actions, there are hundreds of attributes that need to be considered, also historical data plays an important role while making the decision to approve/reject. The human brain has its own limitations can not remember/consider all these attributes, but using machine learning predicting capabilities we can train the machine to consider all the required parameters, historical data and keep updating itself by learning from the current actions of the approver.

 

In our intelligent solution, starting from the creation of the request machine learning will assist the requester by providing the most appropriate role for an employee, with the percentage probability of role approval/rejection.

Approver at different stages will get an auto-filled decision with the confidence level, where the approver just needs to quickly review and complete the request. Although the approver can change the pre-filled decision during the review, and the machine will automatically learn from the new decision.

These data-driven insights result in quick and easy decision making, the approver can prioritize the request in the queue based on criticality, machine learning reduced the probability of error to a minimum which in turn minimize the chances or risk in the system, fraud, and audit issues.

 

Business Benefits

  • The approver can make a decision more efficiently and in less time.
  • Intelligent Access Request will be furthermore efficient in the next iterations based on the approver’s decision.
  • Better prevention of risk that can occur due to improper role assignment review.
  • Easy to identify unnecessary role assignments that can reduce fraud.
  • The requestor will gain confidence whether the request will be approved or not. In case the chance of rejection is high, the requestor can review the request and further modify the request so that it will have more chances of approval without any rejection. Can be deployed as a cloud solution.
  • It will help the requestor to raise requests with valid requirements (i.e. line items).
  • Reduce the effort for creating the access request and approval decision making, which is results in minimal processing time.
  • New UI design will more user-friendly and more informative.
  • Intelligent Approval Process leads to successful audits.

 

Feel free to leave your comment below if you have questions or suggestions, provide feedback on any existing manual process where can implement machine learning to automate decision making with data-driven insights.

Thanks for reading!

2 Comments
You must be Logged on to comment or reply to a post.
  • Like this process, from business standpoint it is going to really help organization on huge time and efficiency saving on approver's process. I guess, rather limiting the approver with limited option (Approve or Reject) it might be better to provide 'Due Diligence' option where approver don't fall to systematically remote recommendations which also divides trust responsibility between product and user's of product to avoid any risks

    • Thanks, Vijay for your inputs. You are right, In some of the cases, the 'Due Diligence' option can prove more useful rather than having only Approve/Reject.