The Rise of Autonomous Ticket Resolution
Why AI Digital Employees Can Improve IAM
IAM Ticket Resolution Today: Oversubscribed and Ineffective
Broad variety of ticket types
Lack of fulfilment efficiency
Service desk ticketing systems today are routinely overworked and ineffective when it comes to identity and access management (IAM) - and for several core reasons. The volume and variety of identity types and systems have increased - but so have the volume and variety of tickets being raised.
Broad and disjointed multi-factor authentication (MFA) strategies typically correlate with an increase in enrolment issues, as well as the avoidable troubles associated with credential and password reset workflows.
New user on-boarding inevitably generates interactions with respect to device configuration and a lack of familiarity with technology or systems registration. But ultimately it is the access management and misalignment domain that is generating the most interactions - many of which are becoming complex to complete and fulfil.
Many of these requests are repeatable, routine and avoidable - yet are still being completed by human operators. Requests often lack the appropriate level of context and detail - missing basic details such as the user’s current role or access, a system owner or a more risk-aligned description of what is needed and why.
Fulfilment times are increasing too as a result. The breadth and depth of request coverage likely means that many downstream systems are disconnected from the core automated provisioning apparatus - resulting in error-prone and customised fulfilment of access additions or removals. A lack of context can also impair risk-based decision making when it comes to changing access in a way that aligns with both business requirements and security controls.
Risk Increasing & Productivity Decreasing
Lack of consistency
Human error and complex operating procedures
The impact of this is not just overworked employees and inefficient service desk fulfilment. As the strategic role of IAM has increased to enable productivity, security and revenue generation opportunities, the ineffectiveness of ticket management creates systemic failures in many parts of the modern business.
Delays in access fulfilment have a material impact on risk management. A slowdown in access removal - be it for a terminated employee, insider threat scenario or task completion - introduces significant issues with respect to privilege escalation opportunities or privilege abuse. In addition to delay, a lack of context, disconnected systems and human-centric processes result in inconsistent completion and a lack of repeatable execution. This has a cascading effect on both productivity and risk.
Productivity also needs to be considered from both a fulfilment and end user point of view. A lack of context and repeatability, combined with manual completion, results in reduced effort-to-closure rates, but delays and inconsistencies in closure impact the end user too. Ticket bounce backs - often due to incorrectly assigned permissions or the removal of the wrong permissions - prevent task completion or result in time-consuming escalations with no clear incident resolution pathway.
Rise of The AI Digital Employee: Automation, Consistency, Repeatability
Specialised learning based on company and context
Human augmentation
So what can be done? Vendors like Twine Security are certain that the rise of the AI digital employee is making significant inroads into solving some of these key issues. Training an agent on the specific nuances of an organisation, its systems and its joiner-mover-leaver processes is now quite possible. AI thrives on data - and the data relating to how an organisation manages its identity and access management processes is often readily available. This form of specialist learning is critical.
Twine Security describe themselves as: “Reduce manual cybersecurity work by 70% with Twine's AI Digital Employees. Automate identity management, cut costs, and improve team efficiency.”
Not all organisations are the same. Not all on-boarding and off-boarding processes are the same. Access request approvals will vary, the connected systems will vary and how they are connected will also vary. And as technology never lives in a vacuum, all of these components are constantly in a state of flux - which many traditional IAM systems, often designed from a very static point of view, fail to handle. Each of these components and workflows will also see execution variability based on a combination of the end user involved in the request, the approver and the context too. AI of course is designed to consume both vast amounts of data and the nuances within it - allowing optimisation to take place.
A key part of deploying not just digital employees but agentic AI in general is building trust. Trust from an interaction point of view but also from an operational perspective. Evidence of hallucination and negative optimisation is now common, so it becomes critical to leverage a digital employee function that knows its own limitations. It must know when risk is present, when information is lacking and when an optimal outcome cannot be achieved without human guidance. It is important that the agentic approach not only knows when to escalate, but how to escalate.
Full Accountability, With Strategic Automation
Smarter decision making
Operational improvement
Security and audit traceability
There are touch-points where guardrails are critical. Initial on-boarding with respect to agent credential configuration, permissioning and credential issuance should be deterministic and transparent. This on-boarding process is critical to understanding the existing nuance of both manual and automated processes - why they have been created, what might go wrong and who, from an approval and escalation point of view, is needed to complete both the happy and unhappy paths.
That learning process should also contribute to the identification of data concerns, or inefficiencies with respect to process or execution. By analysing existing processes and the ticket instances that have previously been completed, digital employees should be able to understand patterns and capture the subtle context needed (or lacking) to accelerate completion.
The immediate metric of success is operational improvement. Tickets can be fulfilled faster, with more automation and more consistency, but can also be optimised. Redundant stages, poorly completed or missing form entries can all be removed.
The key to both adoption and continual improvement is the ability to have full traceability of all of the AI digital employee events and ticket fulfilment stages. Audit and monitoring of all individual events and tasks is a given, but so is the linkage back to a carbon life-form. This essentially supports the “on-behalf-of” authorization flow for agentic AI, where it is critical to understand why and how a digital employee was triggered and whether it is authorised.
IAM is complex. Organisations have to deal with a range of asymmetric information problems, disconnected systems, missing workflows and a rise in the volume and variety of identities and systems under management. The rise of agentic AI adoption across all parts of the technology landscape is delivering huge productivity gains and competitive opportunities. A specific focus on the often stagnant IAM fulfilment flows will considerably reduce the effort and security risk that many organisations are now facing.
About The Author
Simon Moffatt has over 25 years' experience in IAM, cyber and identity security. He is founder of The Cyber Hut - a specialist research and advisory firm based out of the UK. He is author of CIAM Design Fundamentals and IAM at 2035: A Future Guide to Identity Security. He is a Fellow of the Chartered Institute of Information Security, a regular keynote speaker and a strategic advisor to entities in the public and private sectors.




