How Smart Audit’s AI technology is enhancing Workday security and simplifying audits

A guide for Workday Security experts and administrators
Date posted: 26 March 2024
Reading time: 7 minutes

In part one of this article, we explored how Smart Audit leverages AI to detect anomalies within Workday security policies, uncovering potential access discrepancies. Now, Antonis Alexiadis, Lead Data Scientist at Kainos, explains how Workday Security experts and administrators can streamline Workday security audits through Smart Audit’s AI-driven anomaly detection.

Typically, organisations manually assess security entitlements using numerous custom reports and spreadsheets, an approach that, while effective, is time-consuming and susceptible to errors and oversights. Smart Audit simplifies Workday security by using AI to identify cases where security groups might be inaccurately linked to domains or business processes. This streamlines the efforts of Workday security administrators during security group reviews while improving the accuracy of their findings. Users of Smart Audit report over 96% reduction in time spent compared to manual security controls of a similar nature.

Intelligent Workday security analysis focuses on several key use cases related to security policy and security group analysis.

1. Pre-deployment validation: Go live with confidence. Evaluate the appropriateness of security groups prior to go-live. Implementers and Workday customers benefit from better security, intentional entitlements and fewer errors.

2. Monitor security policy changes: Post-deployment, use AI to monitor the impact of routine configuration changes to provide comfort that access to critical domains and business processes remains correct.

3. Automate your audit: Auditors spend a lot of time evaluating logical access controls and configurations. Using AI, you can streamline this process by evaluating access to higher-risk privileges and finding issues fast, before they impact the business.

Enhancing security analysis with Smart Audit


Smart Audit uses a probabilistic approach to identify security irregularities and provide actionable insights. Under this approach, configuration elements such as security groups, functional areas, domains, and permissions are represented as random variables, so that the model reflects the relationships between them. Examples of such relationships include a security group with unrestricted access to a domain, or a security group with the ability to approve business processes within a functional area.

To detect anomalies, Smart Audit quantifies the frequency of relationships across different elements using probabilities, which serve as features for analysis. For example, if there are ten security groups linked to a domain, and nine of them have limited access while one has unrestricted access, it may indicate an inappropriate access grant to that specific security group. This approach allows AI to combine human auditing expertise within a probabilistic framework, resulting in an anomaly detection system whose results can be easily explained. It enables Smart Audit to create a system where human knowledge and probabilistic analysis complement each other, enhancing the overall security assessment process.

While black-box models can deliver impressive results across several tasks, such as natural language processing or object detection, their limited “explainability” can reduce auditor reliance on the results and the end user’s ability to act on them. Black-box models are trained on numerical data, and anomalies are determined as instances that deviate from the predominant underlying pattern. Categorical data (such as domains and functional areas) can be transformed into numerical data through a process known as feature engineering. Given the complexity of security configurations, however, this can lead to very high dimensionality and undermine the model’s efficiency and “explainability”. Finally, black-box models need elaborate fine-tuning to achieve optimum performance. Automating such a procedure can introduce risks when access to the underlying data is restricted and human supervision is not an option. In contrast, probabilistic models have historically been developed to handle both categorical and numerical data while allowing auditors to understand the reasoning behind the model's decisions.

Getting it right every time

To ensure maximum effectiveness, users are only alerted when the AI is confident that a security group exhibits highly irregular attributes. This minimises the number of false positives, while the accompanying insights explain the root cause and the steps necessary to resolve it. To provide actionable insights, the Kainos team combined their in-house Workday expertise, AI modelling (specifically anomaly detection) and extensive feedback from their design partners. The design and specification process involved identifying several key attributes that act as “flashlights” during a comprehensive search of Workday’s security configuration for irregularities.

This means that the AI inspects the security configuration from various perspectives, including permissions to modify domains or approve business processes within a security group or functional area, access type (constrained versus unconstrained) and others. Pooling multiple features together to assess the security configuration improves the accuracy of the findings and increases the likelihood of detecting truly abnormal configurations.

For example, consider the HR Auditor security group. Most auditors only need view access. One of the attributes that can be evaluated across domains is domain permission type. The table below shows how the security group HR Auditor is associated with different domains. The only domain the HR Auditor has permission to modify is Reports: severance worksheets. This case would be flagged because auditor-type security groups will typically have view-only permissions with no modify capabilities.

The table shows how the security group HR Auditor is associated with different domains.
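
The frequency-based idea described above, and the HR Auditor case, can be illustrated with a simplified sketch. This is an added example, not Smart Audit's model or Kainos code: it estimates P(value | context) as an empirical frequency and flags rare values with a readable reason. The function name, the `max_prob` and `min_support` thresholds, and all sample rows (including "Example Domain" and "Domain A" to "Domain G") are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def rare_values(rows, context_key, value_key, max_prob=0.15, min_support=5):
    """Flag rows whose value is rare within its context.

    P(value | context) is estimated as an empirical frequency; contexts with
    fewer than min_support rows are skipped because the estimate is unreliable.
    """
    by_context = defaultdict(Counter)
    for row in rows:
        by_context[row[context_key]][row[value_key]] += 1

    findings = []
    for row in rows:
        counts = by_context[row[context_key]]
        total = sum(counts.values())
        if total < min_support:
            continue
        prob = counts[row[value_key]] / total
        if prob <= max_prob:
            usual, _ = counts.most_common(1)[0]
            findings.append({**row, "probability": round(prob, 3),
                "reason": f"{row[value_key]!r} seen in {counts[row[value_key]]}/{total} "
                          f"rows for {context_key}={row[context_key]!r}; usual is {usual!r}"})
    return findings

# Constructed sample data (not taken from a real Workday tenant).
# Case 1: ten security groups on one domain, nine constrained, one unconstrained.
domain_rows = [{"group": f"Group {i}", "domain": "Example Domain",
                "access": "constrained"} for i in range(1, 10)]
domain_rows.append({"group": "Group 10", "domain": "Example Domain",
                    "access": "unconstrained"})

# Case 2: HR Auditor has view on most domains and modify on a single one.
auditor_rows = [{"group": "HR Auditor", "domain": d, "permission": "view"}
                for d in ("Domain A", "Domain B", "Domain C", "Domain D",
                          "Domain E", "Domain F", "Domain G")]
auditor_rows.append({"group": "HR Auditor",
                     "domain": "Reports: severance worksheets",
                     "permission": "modify"})

def run_examples():
    by_domain = rare_values(domain_rows, "domain", "access")
    by_group = rare_values(auditor_rows, "group", "permission")
    return by_domain, by_group

if __name__ == "__main__":
    for finding in sum(run_examples(), []):
        print(finding["group"], "|", finding["domain"], "|", finding["reason"])
```

The `min_support` guard matters in practice: a group attached to only two or three domains produces frequencies too coarse to call anything an outlier, which is one source of false positives in a naive version of this check.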

By leveraging AI to review security access, a security team can operate more efficiently and concentrate on non-standard areas of the configuration during reviews. This enables rapid identification of inaccurate security allocations to users.

Smart Audit’s new AI-driven functionality is a valuable tool for Workday administrators and auditors alike. AI can automatically identify inappropriate security group access and provide relevant insights to help users prevent risks through timely detection and remediation. This functionality is one component of Smart Audit’s ongoing efforts to use AI in auditing. The potential for AI to improve auditing processes is vast and Kainos is committed to delivering innovative tooling for Workday customers.
