Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Zero trust and AI in resilience programmes: what changes now?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: DXC’s CISO argues that Zero Trust and AI should be treated as a paired strategy for reducing risk, improving access control, and accelerating response, while security graphs provide the data model needed to make policy enforcement and anomaly detection work at scale, according to Illumio. The governance shift is clear: resilience now depends on continuous visibility, not compliance theatre.

NHIMG editorial — based on content published by Illumio: The CISO’s Playbook: How DXC Is Aligning Security with Business Growth

Questions worth separating out

Q: How should security teams implement Zero Trust for non-human identities?

A: Start by inventorying every machine identity, assigning an owner, and mapping its access to a specific business function.

Q: Why do security graphs matter for IAM and NHI programmes?

A: Security graphs matter because they connect entitlements, behaviours, systems, and data into a single relationship view.

Q: What breaks when segmentation is not tied to privilege scope?

A: Segmentation becomes a network design exercise instead of an access control.

Practitioner guidance

What's in the full article

Illumio's full blog covers the operational detail this post intentionally leaves for the source:

  • The article expands on how DXC frames Zero Trust as a business strategy rather than a tooling conversation.
  • It includes the boardroom messaging approach Baker uses to link security investments to business outcomes.
  • It describes how AI is used to automate policy enforcement and anomaly flagging inside a real enterprise environment.
  • It outlines the security graph view that supports faster response and cross-platform visibility.

👉 Read Illumio's analysis of how DXC is aligning Zero Trust and AI for cyber resilience →

Zero trust and AI in resilience programmes: what changes now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

Zero Trust is becoming the practical governance layer for identity risk, not just a network strategy. The article frames Zero Trust as the framework that makes faster security decisions possible, which is exactly where many IAM programmes are heading. Once access must be continuously justified, the old boundary between human identity, NHI, and workload access becomes less defensible. Practitioners should treat Zero Trust as an identity governance operating model, not a slogan.

A question worth separating out:

Q: Who is accountable when AI-assisted decisions affect public services?

A: Accountability sits with the agency that approves the workflow, the teams that control access to data and models, and the owners of the business process being automated. If the system cannot produce traceable evidence for a decision, accountability is incomplete. That is why audit logs, policy rules, and data lineage must be part of the operating model.

👉 Read our full editorial: Zero trust and AI are converging in cyber resilience strategy



   
ReplyQuote
Share: