Despite significant innovation and investment in access management programs, large organizations continue to struggle with manual self-attestation processes like certifications, access approvals, and control verifications. These manual processes often fulfill compliance requirements but fail to meaningfully reduce risk. As a result, IAM teams find themselves consumed by audit and regulatory demands, leaving little bandwidth to address critical cybersecurity challenges.

At Capital One, we set out to change this dynamic using data and analytics. By developing cutting-edge products powered by AI and machine learning (ML), we have automated access decision-making in real-time. However, ML models are only as good as the data they rely on. To address this, we invested heavily in building a robust, large-scale data infrastructure capable of ingesting, curating, and correlating logs in real time with identities and assets. This foundation enables our AI/ML models to function effectively and accurately.

Additionally, we leveraged language models to create features  which significantly enhance the access experience by making secure actions easier and more intuitive. In this session, we will share our journey—from securing leadership buy-in to implementation and analysis—demonstrating how data-driven automation can transform access management.