Enterprises have increasingly realized that they must implement AI to succeed, as digital natives are fast outpacing the ones relying on monolithic architectures. However, lack of synchronization between downstream and upstream elements, failure to percolate the AI value and culture in the organization’s internal dynamics, unrealistic business goals, and lack of vision often mean that AI projects either get stuck in a rut or fail to achieve the desired outcomes. What seemed like a sure winner in the beginning soon becomes an albatross around one’s neck.

Mitigating the pitfalls with a well-drawn and comprehensive AI roadmap aligned to company needs  

According to a Databricks report, only one in three AI and predictive analytics projects are successful across enterprises. Most AI projects are time-consuming: it takes six months to go from the concept stage to the production stage. Most executives admit that the inconsistencies in AI adoption and implementation stem from inconsistent data sets, silos, and lack of coordination between IT and management and between data engineers and data scientists. Then there is the human element that has to be taken into account as well. Reluctance to invest, lack of foresight, and failure to make cultural changes are as much responsible for falling short of the AI targets as the technical aspects enumerated earlier.

This blog will consider both the technical and the human elements vital for conducting a successful AI journey. To mitigate any disappointment that could accrue later, enterprises must assess the risk appetite, ensure early wins, get the data strategy in place, drive real-time strategic actions, implement a model and framework that resonates with the organization’s philosophy while keeping in mind the human angle – ensuring responsible AI by minimizing bias.

Calculating the risk appetite – how far the organization is willing to go? 

Whether the aim is to enhance customer experience or increase productivity, organizations must be willing to do some soul searching and find out what they are seeking. What are the risks they are prepared to take? What is the future state of readiness/ AI maturity levels? And how optimistic are things at the ground level?  

From the utilitarian perspective, investing in a completely new paradigm of skills and resources which might or might not result in ROI (immediately) is debatable. However, calamities of a global scale like COVID-19 demand an increased level of preparedness. Businesses that cannot scale up quickly can become obsolete; therefore, building core competencies with AI makes sense. Automating processes mitigates the challenges of the unforeseeable future when operations cannot be reliant on manual effort alone. So even if it takes time to reach fruition, and all projects do not translate into the desired dividends, it is a risk many organizations willingly undertake.

There is a lot at stake for the leadership as well. Once AI is implemented, and organizations start to rely on AI/ML increasingly, the risks compound. Any miscalculation or misstep in the initial stages of AI/ML adoption could cause grievous damage to the business’s reputation and its business prospects. Therefore, leadership must gauge AI/ML risks.     

Importance of early wins – focussing on production rather than experimentation.  

Early wins are essential. They elicit hope across an organization. Let us illustrate this with an example from the healthcare sector – the ‘moon shot’ project. Launched in 2013 at the MD Anderson Cancer Centre, the ‘moon shot’ project aimed to diagnose and recommend treatment plans for certain forms of cancer using IBM’s Watson cognitive system. But as the costs spiraled, the project was put on hold. By 2017, “moon shot” had accumulated costs amounting to $62 million without being tested on patients, enough to put the management on tenterhooks. But around the same time, other less ambitious projects using cognitive intelligence were showing remarkable results. Used for simple day-to-day activities like determining if the patient needed help with bills payment and making reservations, AI drove marketing and customer experience while relieving back-office care managers from the daily grind. MD Anderson has since remained committed to the use of AI.

Most often, it makes sense to start with process optimization cases. When a business achieves an efficiency of even one percent or avoids downtime, it saves dollars – not counting the costs of workforce and machinery. It is relatively easy to calculate where and how we can ensure cost savings in existing business cases instead of exploring opportunities where new revenue can be driven, as illustrated by the MD Anderson Cancer Centre case study. As we already know how the processes operate and where the drawbacks are, it is easier to determine areas where AI and ML can be baked in for easy wins. The data is also in a state of preparedness and requires less effort.

In the end, the organization will have to show results. They cannot experiment willy-nilly. It is the business impact that they are after. Hence the “concept of productionize” takes center stage. While high-tech and glamorous projects look good, these are best bracketed as “aspirational.” Instead, the low-hanging fruit that enables easy gains should be targeted first.

The leadership has a huge responsibility, and to prioritize production, they must work in tandem with IT.  Both should have the same identifiable business goals for business impact. 

Ensuring that a sound data strategy is in place – data is where the opportunity lies!

If AI applications process data a gazillion times faster than humans, it is because of the trained data models. Otherwise, AI apps are ordinary software running on conventional code. It is these data models, trained to carry out a range of complex activities and embedding NLP, computer vision, etc., that make AI super-proficient. As a result, the application or system can decipher the relevant text, extract data from images, generate natural language, and carry out a whole gamut of activities seamlessly. So if AI is the works, data is the heart.

Optimizing data pool

Data is the quintessential nail in the absence of which all the effort devised for drafting an operating model for data and AI comes to naught. Data is the prime mover when it comes to devising an AI roadmap. For data to be an asset, it must be “findable, accessible, interoperable, and reusable”. If it exists in silos, data ceases to be an asset. It is also not helpful if it exists in different formats. It is then a source of dubiety and must be cleaned and formatted first. Without a unique identifier (UID) attached, data can cause confusion and overwrites. What the AI machinery needs is clean, formatted, and structured data that can easily be baked into existing systems. Data that can be built once and used in many use cases is fundamental to the concept of productized data assets.

It serves to undertake data due diligence or an exploratory data analysis (EDA). Find out where data exists, who is the owner, how it can be accessed, linkages to other data, how it can be retrieved, etc., before drawing out the roadmap. 

The kind of data defines the kind of machine learning model that can be applied. For supervised machine learning models, data and labels are essential for enabling the algorithm to draw an inference about the patterns in the label, whereas unsupervised learning applies when the data does not have labels. Transfer learning applies when the data that an existing machine learning model has learned is used to build a new use case.

Once the data has been extracted, it must be validated, analyzed, optimized, and enriched by integrating it with external data sources, such as those existing online or in social media, before being fed into the data pipeline: a kind of extract, transform, and load. However, if it is done manually, it could take ages and still be biased and error-prone.

Drawing the data opportunity matrix to align business goals with data

Once the existing data has been sorted, find how it can be optimized for business by integrating it with data from external sources. For this purpose, an opportunity matrix, also known as the Ansoff matrix, comes in handy. A two-by-two matrix that references new business and current business with the data subsets (internal and external), it aids the strategic planning process and helps executives and business leaders understand where they are in terms of data and how they would like to proceed further.

Driving real-time strategic actions for maximum business impact using AI: Leadership matters 

Real-time strategic actions are important. For example, millennial banks and financial institutions must keep pace with customer expectations or else face consequences. By making the KYC process less painstaking with AI, banks and FinTechs can drive unexpected dividends. When the KYC is done manually, it is time-consuming. By the time the KYC is complete, the customer is frustrated. When AI and Machine Learning capabilities are applied to existing processes, organizations reduce manual effort and errors substantially. The costs of conducting the KYC are reduced as well. However, the biggest dividend or gain that organizations obtain is in the customer experience, which rebounds once the timelines (and human interaction) are reduced. That is like having the cake and eating it too!

SaaS, on-prem, open-source code – finding out what is best!

If it is the efficiency and customer experience that an enterprise is after, SaaS works best. Hosted and maintained by a third party, it frees the business from hassles. However, if one wants complete control over data and must adhere to multiple compliance requirements, it is not a great idea. On-prem, on the other hand, offers more transparency and is suitable for back-end operations in a fintech company for fast-tracking processes such as reconciliations and AML/KYC. Though SaaS is feasible for organizations looking for quality and ease of application, open-source code produces better software. It also gives control and makes the organization feel empowered.          

Conclusion: AI is not a simple plug and play 

AI is not a simple plug-and-play. It is a paradigm shift and not everyone gets it right the first time. Multiple iterations are involved as models do not always give the desired returns. There are challenges like the diminishing value of data which would require organizations to broaden their scope and consider a wider data subset for maximizing accuracy.  

Notwithstanding the challenges, AI is a proven game-changer. From simplifying back-office operations to adding value to day-to-day activities, there is a lot that AI can deliver. Expectations, however, would have to be set beforehand. The transition from near-term value to closing in on long-term strategic goals would require foresight and a comprehensive AI roadmap. For more information on how your organization could use AI to drive a successful business strategy, write to us at  mail@magicfinserv.com to arrange a conversation with our AI Experts.     

“Worldwide end-user spending on public cloud services is forecast to grow 18.4% in 2021 to total $304.9 billion, up from $257.5 billion in 2020.” Gartner

Though indispensable for millennial businesses, cloud and SaaS applications have increased the complexity of user lifecycle management manifold. User provisioning and de-provisioning and tracking user IDs and logins have emerged as the new pain points for IT as organizations innovate and migrate to the cloud. In the changing business landscape, automatic provisioning has emerged as a viable option for identity and user management.

Resolving identity and access concerns

Identity and access management (IAM) is a way for organizations to define users’ rights to access and use organization-wide resources. There have been several developments in the last couple of decades for resolving identity and access concerns (in the cloud).

The Security Assertion Markup Language (SAML) protocol enables the IT admin to set up single sign-on (SSO) for resources like email, JIRA, CRM, and AD, so that once a user logs in they can use the same set of credentials to log in to other services. However, app provisioning, the process of automatically creating user identities and roles in the cloud, remained a concern. Even today, many IT teams register users manually, but that is a time-consuming and expensive process, which is highly undesirable when the actual need is for higher speed. The Just-in-Time (JIT) methodology and the System for Cross-domain Identity Management (SCIM) protocol usher in a new paradigm for identity management, regulating the way organizations generate and delete identities. In this blog, we will highlight how JIT and SCIM have redefined identity and access management (IAM). We will also focus on cloud directory services and how they reimagine the future of IAM.

  1. Just-in-Time (JIT) provisioning

There are many methodologies for managing user lifecycles in web apps; one of them is JIT, or Just-in-Time. In simple terms, Just-in-Time (JIT) provisioning enables organizations to provide access to users (elevate user access) so that only they can enter the system, access resources, and perform specific tasks. The user, in this case, can be human or non-human, and policies govern the kind of access they are entitled to.

How it works    

JIT provisioning automates the creation of user accounts for cloud applications. It is a methodology that extends the SAML protocol to transfer user attributes (for example, those of new employees joining an organization) from a central identity provider to applications (for example, Salesforce or JIRA). Rather than creating a new user within each application and approving their app access there, an IT admin can create new users and authorize their app access from the central directory. When a user logs into an app for the first time, the account is automatically created in the federated application. This level of automation was not possible before JIT, and each account had to be manually created by an IT administrator or manager.

  2. System for Cross-domain Identity Management (SCIM)

SCIM is the standard protocol for cross-domain identity management. As IT today is expected to perform like a magician, juggling several balls in the air and ensuring that none falls, SCIM has become exceedingly important because it simplifies IAM.

SCIM defines the protocol and the schema for IAM. The protocol defines how user data is relayed across systems, while the schema (identity profile) defines the entity, which could be human or non-human. An API-driven identity management protocol, SCIM standardizes identities between identity providers and service providers by using HTTP verbs.

Evolution of SCIM

The first version of SCIM was released in 2011 by a SCIM standard working group. As the new paradigm of identity and access management backed by the Internet Engineering Task Force (IETF), and with contributions from Salesforce, Google, etc., SCIM transformed the way enterprises build and manage user accounts in web and business applications. The SCIM specification provides a “common user schema” that enables access to and exit from apps.

Why SCIM? 

Next level of automation: SCIM’s relevance in the user life cycle management of B2B SaaS applications is enormous.   

Frees IT from the shackles of tedious and repetitive work: Admins can build new users (in the central directory) with SCIM. Through ongoing sync, they can automate both onboarding and offboarding of users/employees from apps. SCIM frees the IT team from the burden of having to process repetitive user requests. It is possible to sync changes such as passwords and attribute data. 

Let us consider the scenario where an employee decides to leave the organization or is on contract, and their contract has expired. SCIM protocol ensures that the account’s deletion from the central directory accompanies the deletion of identities from the apps. This level of automation was not possible with JIT.  With SCIM, organizations achieve the next level of automation.

  3. Cloud Directory Services

Cloud directory service is another category of IAM solutions that has gained a fair amount of traction recently. Earlier, most organizations were on-prem, and Microsoft Active Directory fulfilled the IAM needs. The IT environment, however, has changed dramatically in the last decade. Users are more mobile now, security is a significant concern, and web applications are the de facto standard. The shift from AD to directory-as-a-service is therefore a natural progression in tune with the changing requirements, and a viable choice for organizations. Platform-agnostic, cloud-based, diversified, and supporting a wide variety of protocols like SAML, it serves the purpose of modern organizations. These directories store information about devices, users, and groups. IT administrators can use them to simplify their workload and to extend access to information and resources.

Platform-agnostic schema: As an HTTP-based protocol that handles identities in multi-domain scenarios, SCIM defines the future of IAM. Organizations are not required to replace their existing user management systems, as SCIM acts as a standard interface on top of them. SCIM specifies a platform-agnostic schema and extension model for users, groups, and other resource types in JSON format (defined in RFC 7643).

Ideal for SaaS: Ideal for SaaS-based apps as it allows administrators to use authoritative identities, thereby streamlining the account management process.

Organizations using internal applications and external SaaS applications are keen to reduce onboarding/deboarding effort/costs. A cloud directory service helps simplify processes while allowing organizations to provision users to other tools such as applications, networks, and file servers. 

It is also a good idea for cloud directory service vendors like Okta, Jumpcloud, OneLogin, and Azure AD to opt for SCIM. They benefit from SCIM adoption, as it makes the management of identities in cloud-based applications easier than before. All they need to do is accept the protocol, and seamless integration of identities and resources/privileges/applications is facilitated. Providers can help organizations manage the user life cycle with supported SCIM applications or SCIM-interfaced IDPs (identity providers).

How JIT and SCIM differ

As explained earlier, SCIM is the next level of automation. SCIM automates provisioning, de-provisioning, and management, while JIT automates only account creation. Organizations need to deprovision users when they leave the organization or move to a different role. JIT does not provide that facility: while the user credentials stop working, the account is not deprovisioned. With SCIM, app access is automatically deleted.

Though JIT is more common, and more organizations are going forward with JIT implementation, SCIM is trending. Several cloud directory service providers, realizing the tremendous potential of SCIM, have accepted the protocol. SCIM, they recognize, is the future of IAM.
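The offboarding gap described above, as an added example that is not part of the original post: a minimal in-memory SCIM /Users endpoint (create, deactivate, delete over HTTP verbs with RFC 7643/7644 schema URNs) beside a JIT-only app, followed by an orphaned-account check. ScimApp, JitApp, orphaned and the sample user names are hypothetical and constructed for illustration; only simple "replace" PATCH operations are handled.

```python
import uuid

# Schema URNs from RFC 7643 (core User) and RFC 7644 (PatchOp message).
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

class ScimApp:
    """Hypothetical SaaS app exposing a minimal in-memory SCIM /Users endpoint."""
    def __init__(self):
        self.users = {}  # SCIM id -> User resource

    def handle(self, method, path, body=None):
        """Return (HTTP status, resource or None) for one SCIM request."""
        user_id = path[len("/Users/"):] if path.startswith("/Users/") else None
        if method == "POST" and path == "/Users":
            if USER_SCHEMA not in body.get("schemas", []):
                return 400, None
            if any(u["userName"] == body["userName"] for u in self.users.values()):
                return 409, None  # userName must be unique
            res = dict(body, id=str(uuid.uuid4()), active=body.get("active", True))
            self.users[res["id"]] = res
            return 201, res
        if user_id not in self.users:
            return 404, None
        if method == "PATCH":
            if PATCH_SCHEMA not in body.get("schemas", []):
                return 400, None
            for op in body["Operations"]:
                # Sketch: only "replace" on a simple attribute path, e.g. active.
                if op["op"].lower() == "replace" and "path" in op:
                    self.users[user_id][op["path"]] = op["value"]
            return 200, self.users[user_id]
        if method == "DELETE":
            del self.users[user_id]
            return 204, None
        return 405, None

class JitApp:
    """Hypothetical app that creates accounts only at first SAML login (JIT)."""
    def __init__(self):
        self.accounts = {}  # userName -> attributes taken from the assertion

    def sso_login(self, attrs):
        # First login creates the account; nothing here ever removes it.
        return self.accounts.setdefault(attrs["userName"], dict(attrs))

def orphaned(app_user_names, directory_user_names):
    """Accounts still present in an app with no identity left in the directory."""
    return sorted(set(app_user_names) - set(directory_user_names))

def offboarding_demo():
    directory = {"asmith", "bjones"}  # constructed sample identities
    scim_app, jit_app, ids = ScimApp(), JitApp(), {}
    for name in sorted(directory):
        body = {"schemas": [USER_SCHEMA], "userName": name}
        ids[name] = scim_app.handle("POST", "/Users", body)[1]["id"]
        jit_app.sso_login({"userName": name})
    # bjones leaves: the directory drops the identity and pushes a SCIM DELETE.
    directory.discard("bjones")
    status, _ = scim_app.handle("DELETE", "/Users/" + ids["bjones"])
    scim_left = orphaned([u["userName"] for u in scim_app.users.values()], directory)
    return status, scim_left, orphaned(jit_app.accounts, directory)

if __name__ == "__main__":
    print(offboarding_demo())
```

Running the same orphaned() comparison on a schedule against every JIT-provisioned app is a practical audit for accounts that outlive the directory identity.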

Benefits of SCIM Provisioning

  1. Standardization of provisioning

Every type of client environment is handled and supported by the SCIM protocol. SCIM protocol supports Windows, AWS, G Suite, Office 365, web apps, Macs, and Linux. Whether on-premise or in the cloud, SCIM is ideal for organizations desiring seamless integration of applications and identities. 

  2. Centralization of identity

An enterprise can have a single source of truth, i.e., a common IDP (identity provider), and communicate with the organization’s application and vendor application over SCIM protocol and manage access.

  3. Automation of onboarding and offboarding

Admins no longer need to create and delete user accounts in different applications manually. It saves time and reduces human errors. 

  4. Ease of compliance

As there is less manual intervention, compliance standards are higher. Enterprises can control user access without depending upon SaaS providers. Employee onboarding or turnover can be a massive effort if conducted manually, and when employees onboard or offboard frequently, the corresponding risks of a data breach are high. Also, as an employee’s profile will change during their tenure, compliance can be at risk if access is not managed correctly. With SCIM, all scenarios described above can be transparently handled in one place.

  5. More comprehensive SSO management

SCIM complements existing SSO protocols like SAML. User authentication, authorization, and application launch from a single point are taken care of with SAML. Though JIT user provisioning with SAML helps with provisioning, it does not take care of complete user life cycle management. With SCIM and SAML combined, SSO and user management across domains can be easily managed.

SCIM is hard to ignore

Modern enterprises cannot deny the importance of SCIM protocol. According to the latest Request for Comments – a publication from the Internet Society (ISOC) and associated bodies, like the Internet Engineering Task Force (IETF) – “SCIM intends to reduce the cost and complexity of user management operations by providing a common user schema, an extension model, and a service protocol defined by this document.” Beyond simplifying IAM and enabling users to move in and out of the cloud without causing the IT admin needless worry, SCIM-compliant apps can take advantage of pre-existing code and tools.
At Magic FinServ, we realize that the most significant benefit SCIM brings to clients is that it enables them to own their data and identities. It helps IT prioritize their essential functions instead of getting lost in the mire tracking identities and user access. Magic FinServ is committed to ensuring that our clients keep pace with the latest developments in technology. Visit our cloud transformation section to know more.
