AI-Driven Access Review Architecture for Scalable Identity Governance in Modern Enterprises

Authors

  • Bhanu Sri Katta

DOI:

https://doi.org/10.22399/ijcesen.3176

Keywords:

Identity and Access Management, Identity Governance and Administration, Access Certification, Artificial Intelligence (AI), Machine Learning, Segregation of Duties (SoD), Risk-Based Access Control

Abstract

Identity and Access Management (IAM) is defined as a critical discipline in cybersecurity, designed to ensure that appropriate access is granted to individuals based on organizational policies and user roles [15]. As digital ecosystems expand and threats grow more sophisticated, the relevance of IAM is increasingly acknowledged across enterprises and governments alike. Access reviews, positioned as a fundamental component of IAM and Identity Governance and Administration (IGA), are required to validate whether users retain the correct access over time. Traditionally, these reviews have been conducted manually, often resulting in inefficiencies, oversight, and compliance risks. To address these limitations, the integration of artificial intelligence into access review processes is being explored. In this paper, the concept of AI-driven access reviews is introduced and examined as a transformative approach to automating decision-making, detecting access anomalies, and enhancing policy enforcement. Emphasis is placed on how machine learning, behavioural analysis, and contextual risk scoring can be applied to optimize review cycles and reduce human error. Multiple methodologies for implementing AI in access reviews are evaluated, and the potential impact of these advancements on future IAM strategies is discussed in detail.

References

[1] Bertino, E., Li, N., & Yang, Z. (2018). Risk-adaptive access control systems. IEEE Internet Computing, 22(5), 46–54.

[2] Sharma, A., & Joshi, S. (2021). A machine learning-based framework for access control optimization. IEEE Transactions on Dependable and Secure Computing, 18(4), 1231–1244.

[3] Wang, L., Huang, D., & Xu, C. (2020). Risk-adaptive access governance in the cloud. In Proceedings of the IEEE International Conference on Cloud Computing (pp. 255–262).

[4] NIST. (2020). Security and privacy controls for information systems and organizations (NIST SP 800-53 Rev. 5). U.S. Department of Commerce.

[5] Iqbal, A., Shahzad, F., & Baig, A. (2020). Applications of machine learning in cybersecurity: A review. IEEE Access, 8, 112176–112199.

[6] Saviynt. (2022). Next-generation identity governance: Whitepaper.

[7] Takabi, H., Joshi, J. B. D., & Ahn, G. (2021). Security and privacy challenges in cloud computing. IEEE Security & Privacy, 8(6), 24–31.

[8] SailPoint. (2023). AI-driven identity security for modern enterprises: Whitepaper.

[9] Samarati, M., & de Capitani di Vimercati, P. (2019). Access control: Policies, models, and mechanisms. In Foundations of Security Analysis and Design V (pp. 137–196). Springer.

[10] IBM. (2022). Artificial intelligence for identity and access management. Retrieved from https://www.ibm.com/security/identity-access-management/ai

[11] Jajodia, S., Samarati, P., Sapino, M. L., & Subrahmanian, V. S. (2001). Flexible support for multiple access control policies. ACM Transactions on Database Systems, 26(2), 214–260.

[12] Xu, C., Chen, Y., & Ren, K. (2015). Privacy-aware access control with accountability support for cloud storage. IEEE Transactions on Information Forensics and Security, 10(6), 1189–1204.

[13] Ferraiolo, D., Sandhu, R., Gavrila, S., Kuhn, D. R., & Chandramouli, R. (2001). Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security, 4(3), 224–274.

[14] Loukas, G. (2021). Cyber-physical attacks and defenses in the smart grid: A survey. IEEE Access, 9, 29641–29659.

[15] Ghadge, N. (2024). Enhancing threat detection in identity and access management (IAM) systems. SSRN. https://ssrn.com/abstract=4847840 or http://dx.doi.org/10.2139/ssrn.4847840

[16] Journal of Computer Science IJCSIS. (2025). Identity threat detection and response (ITDR): The next big thing in cybersecurity. International Journal of Computer Science and Information Security, 23(3), 1–12. https://doi.org/10.5281/ZENODO.15381861

[17]Olola, T. M., & Olatunde, T. I. (2025). Artificial Intelligence in Financial and Supply Chain Optimization: Predictive Analytics for Business Growth and Market Stability in The USA. International Journal of Applied Sciences and Radiation Research, 2(1). https://doi.org/10.22399/ijasrar.18

[18]R. Vidhya, D. Lognathan, S, S., P.N. Periyasamy, & S. Sumathi. (2025). Anomaly Detection in IoT Networks Using Federated Machine Learning Approaches. International Journal of Computational and Experimental Science and Engineering, 11(3). https://doi.org/10.22399/ijcesen.2485

[19]Shanmugam Muthu, R S, N., A. Tamilarasi, Ahmed Mudassar Ali, S, S., & S. Jayapoorani. (2025). AI-Powered Predictive Digital Twin Platforms for Secure Software-Defined IoT Networks. International Journal of Computational and Experimental Science and Engineering, 11(3). https://doi.org/10.22399/ijcesen.2497

[20]Ibeh, C. V., & Adegbola, A. (2025). AI and Machine Learning for Sustainable Energy: Predictive Modelling, Optimization and Socioeconomic Impact In The USA. International Journal of Applied Sciences and Radiation Research, 2(1). https://doi.org/10.22399/ijasrar.19

[21]Fowowe, O. O., & Agboluaje, R. (2025). Leveraging Predictive Analytics for Customer Churn: A Cross-Industry Approach in the US Market. International Journal of Applied Sciences and Radiation Research, 2(1). https://doi.org/10.22399/ijasrar.20

[22]Makin , Y., & Pavan K Gondhi. (2025). A Quantitative Framework for Portfolio Governance Using Machine Learning Techniques. International Journal of Computational and Experimental Science and Engineering, 11(3). https://doi.org/10.22399/ijcesen.2474

[23]Hafez, I. Y., & El-Mageed, A. A. A. (2025). Enhancing Digital Finance Security: AI-Based Approaches for Credit Card and Cryptocurrency Fraud Detection. International Journal of Applied Sciences and Radiation Research, 2(1). https://doi.org/10.22399/ijasrar.21

Downloads

Published

2025-07-03

How to Cite

Sri Katta, B. (2025). AI-Driven Access Review Architecture for Scalable Identity Governance in Modern Enterprises. International Journal of Computational and Experimental Science and Engineering, 11(3). https://doi.org/10.22399/ijcesen.3176

Issue

Vol. 11 No. 3 (2025): IJCESEN

Section

Research Article

License

Copyright (c) 2025 International Journal of Computational and Experimental Science and Engineering

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.