In this blog, I will talk about how you can add analytics to your IGA infrastructure. Before we go into details on how analytics will help organizations to proactively reduce Identity and access related risks, let us look at why we need Identity analytics and what analysts are saying on why organizations should prioritize analytics when adopting IGA.
Why do we need Identity Analytics
Increased adoption of Cloud, IoT, mobile, and digital business initiatives have extended the surface and complexity of the identity and access management (IAM) environment. With millions of access privileges to manage across thousands of users and hundreds of applications, organizations are struggling to keep their access-related risk in check. In this digital environment, the ability to gather data, analyze that information, and detect identity-related risks has extended beyond human capacity. The lack of visibility into access risk leads to security risks, operational inefficiency, loss of data, and failure to comply with regulatory standards. Refer to How Analytics Can Help You Better Understand Access Risks for detailed use cases.
As per Gartner, 50% of IGA deployments are in distress with cost overruns, delays, and even failure to deliver value to organizations. Existing IGA deployments, that have prioritized provisioning over other IGA capabilities are taking longer to show tangible value to IAM leaders. Hence Gartner recommends prioritizing analytics when starting new IGA projects to identify high IAM risks such as dormant accounts and excessive privileges. IAM leaders can show identity and access risk mitigation benefits showing good ROI earlier in IGA deployment by identifying high-risk applications to onboard first or by defining roles to close the highest IAM risk gaps first.
Even though organizations with mature IGA capabilities often struggle to show value in terms of improving their Identity and Access management risk posture and experience certification fatigue and other symptoms of distressed project. Often there is an excessive focus on automation instead of focusing broader value proposition that modern IGA tools can deliver from analytics standpoint. Such projects may end up nearly automating inefficient processes. Hence IGA deployment needs to shift from administering compliance to real-time Identity and risk management dashboard. Gartner recommends that use analytics optimize IGA deployment by applying continuous monitoring capabilities to add real-time insights and risk mitigation capabilities to IGA initiatives.
Now let us dive into understanding what is risk and how identity analytics can provide better security insights, increased operational efficiency, and quicker response time.
What are “Access Risks”
Where are the access risks? How can access expose the organization to risk – either intentionally or unintentionally. Risk starts happening as people move throughout the organization. When you onboard a user, and they request access to certain applications, you run the risk of granting excessive access rights and over-entitling the user. Due to human error, or negligence, or a compromised account – this excessive access can be used to cause harm.
When a user leaves the organization, there is a risk of creating a dormant account. An enabled account with no activity is an access point for either the ex-employee to get back in with unauthorized access, or the account can be hijacked by an external hacker.
Then when it’s time to recertify entitlements – there’s a risk that the recertification process doesn’t properly identify the things that need to be removed, so over entitlements are perpetuated and remain as is. These are obvious gaps that present risks and opportunities to be exploited.
Identity Analytics helps to get visibility into such access risks by applying big data, machine learning, and artificial intelligence technologies to consume and analyze vast amounts of data to generate actionable intelligence. These insights help organizations to detect and respond to access risks more quickly. For example, IAM Admin can view outlier accesses based on peer group analysis and proactively send them for certification. Additionally, these risk insights also help to optimize IAM processes to be truly risk-aware.
How IBM can help our customers
Identity analytics which is available as part of IBM Security Verify that enables organizations to proactively reduce Identity and access related risks. It can take input from extensive data sources including users, their accesses, what are they doing with those accesses. It can correlate the information and learn from data to provide actionable insights.
Currently, the platform has out of box support for IBM Security Identity Manager (ISIM) and Identity Governance and Intelligence (IGI). Peer group analysis helps to identify outlier entitlements. These entitlements are the ones that do not align with peers. With the help of machine learning, the Identity Analytics platform can find out attributes which predict entitlements. Additionally, it uses a combination of machine learning and commonality analysis to identify outlier accesses along with reasoning on why access is an outlier. Identifying excessive privileges is very important to optimize accesses before starting IGA Deployment or periodically for an existing deployment.
Typically, an organization can have security tools that could be IBM or non-IBM or internally developed. Identity Analytics platform can be extended to take feed from such heterogeneous tools, to capture the organization-specific notion of risk and to implement custom remediations for those risks. Here are some more details on various extensibility points and how it can be used. I will provide more details on these in subsequent blogs.
|
Description
|
|
Data feed agents
|
Connector pulls data from the custom data sources and can push data to Identity analytics platform.
|
|
Correlator Configurations
|
It defines how data can be correlated across multiple data sources
|
|
Custom Policies
|
Enables platform to capture the customer-specific notion of risk.
|
|
Custom actions
|
Custom action enables proactive remediation of risk to custom tools.
|
Additional Links:
Product Documentation: here
Demo - Mitigate Access Risks with Identity Analytics from IBM Security Verify
#Featured-area-2-home
#Featured-area-2#Highlights-home#Highlights