
Harnessing Intelligent Digital Identity Risk Management with Identity and Access Management

By Scott Andrews posted Wed December 18, 2019 09:28 AM

  

A large number of organizations are now off-loading Identity and Access Management (IAM) workloads to vendors with Software-as-a-Service (SaaS) operating models. While the move may be influenced by operating costs, it also reflects the fact that IAM requires specialized skills and continuous upgrades in order to mitigate cyber-security threats. Additionally, many critical business applications that are difficult or impossible to transition to the cloud remain in traditional deployment patterns, including on-premise. These applications also require specialised skills and security integration.

 

Depending on business needs, organisations may allow their users to single sign-on (SSO) to third-party applications. This means that the user’s browser session can now be re-directed to a website hosted by a third-party. Additionally, end-users may be signing-in from a host of devices including mobile or Bring Your Own Device (BYOD). This creates several vulnerabilities which, when not remediated, can potentially lead to data theft, insecure data access points, DoS attacks, malicious software attacks and other significant breaches. Every CTO’s nightmare will become a reality without suitable mitigation mechanisms in place.

 

Web-based transactions are prone to malicious user attacks and can potentially result in loss of user data and/or revenue. A hacker could take over the session and access applications that contain business-critical and confidential information. Users can also have their credentials stolen or be subject to phishing or domain-spoofing attacks. Government regulations could now place the onus of securing communications on individual organisations. Consequently, having the capability to detect and mitigate risk is crucial.



  1. The user logs into IBM Cloud Identity (CI).
  2. Trusteer evaluates the risk profile via JavaScript running in the browser.
  3. CI makes a decision using Trusteer’s recommendation.
  4. The user is either two-factor authenticated, denied or allowed access as part of the federated SSO flow.

 

The above diagram represents a CI-Trusteer integration solution for detecting access from a new device.
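
Steps 3 and 4 of the flow above, sketched as an added example that is not IBM's code and not part of the original post. The recommendation strings, the `device_id` field and the function names are hypothetical, since the page does not show the CI or Trusteer schema; a missing or unrecognised assessment falls back to two-factor rather than to access.

```python
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "two_factor"
    DENY = "deny"

# Hypothetical recommendation strings; the real CI/Trusteer schema is not on the page.
RECOMMENDATIONS = {"allow": Decision.ALLOW, "challenge": Decision.STEP_UP,
                   "deny": Decision.DENY}

def decide(assessment, known_devices):
    """Map a risk assessment (dict, or None if none arrived) to a decision."""
    # Browser script blocked or response malformed: there is no evidence,
    # so never fall through to ALLOW; require a second factor instead.
    if not isinstance(assessment, dict):
        return Decision.STEP_UP
    rec = assessment.get("recommendation")
    decision = RECOMMENDATIONS.get(rec, Decision.STEP_UP) if isinstance(rec, str) \
        else Decision.STEP_UP
    if decision is Decision.DENY:
        return Decision.DENY
    # New-device detection: a low-risk verdict from an unseen device is still challenged.
    device = assessment.get("device_id")
    if not isinstance(device, str) or device not in known_devices:
        return Decision.STEP_UP
    return decision

def finish_login(assessment, known_devices, second_factor_ok=False):
    """Return True if SSO may proceed; remember a device after a passed 2FA."""
    decision = decide(assessment, known_devices)
    if decision is Decision.ALLOW:
        return True
    if decision is Decision.STEP_UP and second_factor_ok:
        # Trust the device only when novelty alone caused the challenge,
        # not when the risk engine itself asked for one.
        device = assessment.get("device_id") if isinstance(assessment, dict) else None
        if isinstance(device, str) and device and assessment.get("recommendation") == "allow":
            known_devices.add(device)
        return True
    return False

# Constructed sample data, not real product output.
KNOWN = {"dev-laptop-01"}
NEW_DEVICE = {"recommendation": "allow", "device_id": "dev-phone-77"}
```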

 

For decades IBM has invested heavily in a security-first design paradigm which has been powering enterprise-grade security for several of its clients, including Fortune 500 companies. IBM Cloud Identity (CI) is a SaaS offering specializing in IAM. IBM Trusteer is another SaaS-based solution that specializes in identifying digital risk based on machine learning algorithms powered by AI.

 

IBM addresses risk mitigation for both on-premise and cloud-based solutions. More details can be found in the blog "Delivering intelligent digital identity risk management with sophisticated Identity and Access Management".

 

Irrespective of deployment patterns and choice of cloud vendors, IBM Security has solutions for intelligent risk and fraud detection to drive frictionless two-factor authentication for IAM. Establishing digital trust in web security without affecting user experience is easily achieved by design.

 


Comments

Fri December 20, 2019 08:18 AM

"This means that the user’s browser session can now be re-directed to a website hosted by a third-party. Additionally, end-users may be signing-in from a host of devices including mobile or Bring Your Own Device (BYOD)"

These and numerous other issues contribute to security being such a major challenge. Offloading to SaaS makes sense, especially when there are constant security threat updates needed.