2019 SailPoint Identity Insider Magazine - Magazine - Page 16
MIKE KISER
Global Security Strategist,
Office of the CTO, SailPoint
The Bernoulli Principle for Identity
Smallpox is one of the deadliest diseases in all of human history. If you contracted smallpox in the 18th century, you would have a one in three chance of dying within sixteen days. In the 20th century alone, smallpox killed over 500 million people. Fortunately, it’s also the only infectious disease among humans that has been successfully eradicated.
Daniel Bernoulli, attempting to prove the efficacy of inoculation against smallpox, published the first epidemiological model in 1760; he demonstrated that life expectancy increased due to the use of inoculation against smallpox in the general population. In doing so, he introduced the use of epidemiological models that have since been used to address the spread of not only smallpox, but also malaria, AIDS, SARS, measles, cholera, etc.
Bernoulli’s model provided three separate benefits related to the spread of disease: an understanding of the mechanism of transmission, a prediction of the future expansion of infection, and, of course, control over the spread of the disease. A machine-trained model based on this epidemiological model, when combined with a network-graph representation of identity, can provide similar results related to the spread of identity and its related access. In short, applying epidemiological concepts to identity holds great promise for innovation.
Just as smallpox was communicated from patient to patient, access to sensitive data and applications often spreads like a disease inside communities of identities. By understanding how access is communicated from “patient zeros” to the surrounding community, it is possible to begin to predict which identities will soon
accumulate access, and then seek to discover inoculation-type tactics to restrict the spread of unnecessary access. By analyzing these “infection patterns,” the machine-trained model can provide recommendations for governing identity, enhancing decision-making, educating human users, and pairing machine learning and human learning in a “virtuous loop.” Over time, routine approvals or revocation of access could be completely automated, allowing humans to focus solely on difficult boundary cases, accelerating overall productivity for securing identity. By thus “inoculating” communities against the rampant spread of access, risk to enterprises and the community at large is reduced.
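The mechanism described above (access spreading from “patient zeros” across a network graph of identities, predicting who accumulates it next, and “inoculating” the community) can be made concrete with a small contagion model. The following is an added example written for this page, not SailPoint’s model or code: the identity graph, the entitlement, the per-link transmission probability `BETA`, and the function names are all constructed assumptions. Each identity that does not yet hold an entitlement is exposed once per peer who does, so its chance of acquiring it in the next review cycle is 1 − (1 − β)^k for k holding peers; “inoculated” identities have their peer-driven requests routed to manual review and never acquire access automatically.

```python
"""Toy contagion model for the spread of access over an identity graph.

Constructed example: the graph, entitlement, parameters and function names
below are made up for illustration; this is not SailPoint's model or data.
"""
import random
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed identity graph: each identity is linked to the peers it works
# alongside (same team, shared manager, shared project).
PEERS: Dict[str, Set[str]] = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "carol", "dave"},
    "carol": {"alice", "bob", "erin"},
    "dave": {"bob", "frank"},
    "erin": {"carol", "frank"},
    "frank": {"dave", "erin", "grace"},
    "grace": {"frank"},
}

# "Patient zero" set: identities that already hold the sensitive entitlement.
PATIENT_ZERO: Set[str] = {"alice"}

# Assumed per-link transmission probability: the chance that, in one review
# cycle, an identity requests and is granted an entitlement because a peer
# already holding it makes the request look routine.
BETA = 0.3


def acquisition_probability(identity: str, holders: Set[str],
                            peers=PEERS, beta: float = BETA) -> float:
    """P(identity acquires the entitlement next cycle) with k holding peers.
    Each holding peer is an independent exposure: 1 - (1 - beta)^k."""
    k = len(peers[identity] & holders)
    return 1.0 - (1.0 - beta) ** k


def predict_next_accumulators(holders: Set[str], peers=PEERS,
                              beta: float = BETA) -> List[Tuple[str, float]]:
    """Rank identities that do not yet hold the entitlement by their
    probability of acquiring it next cycle (highest first, then by name)."""
    ranked = []
    for identity in peers:
        if identity in holders:
            continue
        p = acquisition_probability(identity, holders, peers, beta)
        if p > 0:
            ranked.append((identity, round(p, 4)))
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return ranked


def super_spreaders(holders: Set[str], peers=PEERS) -> List[Tuple[str, int]]:
    """Holders ranked by how many non-holding peers they expose: the
    identities whose access is most likely to propagate further."""
    exposure = [(h, len(peers[h] - holders)) for h in holders]
    exposure.sort(key=lambda item: (-item[1], item[0]))
    return exposure


def simulate(holders: Set[str], cycles: int, peers=PEERS, beta: float = BETA,
             seed: int = 0,
             inoculated: FrozenSet[str] = frozenset()) -> List[FrozenSet[str]]:
    """Run the contagion for `cycles` review cycles; return the holder set
    after each cycle (index 0 is the starting set). Inoculated identities
    (peer-driven requests routed to manual review) never acquire access
    through this mechanism, modelling the inoculation tactic."""
    rng = random.Random(seed)
    current = set(holders)
    history = [frozenset(current)]
    for _ in range(cycles):
        newly = set()
        for identity in peers:
            if identity in current or identity in inoculated:
                continue
            if rng.random() < acquisition_probability(identity, current, peers, beta):
                newly.add(identity)
        current |= newly
        history.append(frozenset(current))
    return history


if __name__ == "__main__":
    print("next likely accumulators:", predict_next_accumulators(PATIENT_ZERO))
    print("super-spreaders:", super_spreaders(PATIENT_ZERO))
    unchecked = simulate(PATIENT_ZERO, cycles=6)
    print("holders after 6 cycles, no controls:", sorted(unchecked[-1]))
    # Inoculating alice's direct peers cuts every transmission path.
    checked = simulate(PATIENT_ZERO, cycles=6, inoculated=frozenset({"bob", "carol"}))
    print("holders after 6 cycles, peers inoculated:", sorted(checked[-1]))
```

Running it ranks `bob` and `carol` as the identities most likely to accumulate the entitlement next, names `alice` as the current super-spreader, and shows that routing her direct peers’ requests through manual review stops the spread entirely in this graph; in a real deployment the graph would come from HR and directory data and β would be estimated from historical request and approval logs.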
There are times, however, when this model should be used to promote the spread of identity rather than to restrict it. Initiatives such as ID2020 are endeavoring to ensure that underserved groups are not left behind by the promise of digital transformation: by granting identities to these groups, such initiatives clear a path for them to access health care, exercise their voting rights, obtain education, or otherwise reap the benefits of what are assumed to be basic human rights. This model could be used to examine how underprivileged communities adopt identity, seek to remove inhibitors to its acceptance, and accelerate its adoption in communities worldwide.
Thus, what Bernoulli began in 1760 still finds its expression today: modeling the real world with the end goal of reducing harm and improving the quality of human life. As we seek to innovate in his footsteps, we have no doubt that he would be using the same techniques and ideas were he around today.