Cloud, the Internet of Things (IoT), mobile and digital business initiatives have broadened the surface and increased the complexity of identity and access management (IAM) environments. With millions of entitlements to manage across thousands of users and hundreds of applications, organizations are struggling to keep their access risks in check.

Today’s environments have become so complex that no reasonable IAM professional — no matter how talented — could feasibly gather, analyze and detect every relevant access-related risk factor. This lack of insight is leading to security risks, operational inefficiencies, loss of data and failure to comply with regulatory standards.

A modern approach to identity demands not only strong access controls and governance, but also a high level of risk awareness. Old-school, rules-based approaches to policy management for access controls, identity management and data governance can’t effectively pinpoint the new types of suspicious and harmful activities that are occurring in large and complex environments. Instead, organizations must consider an analytics-based approach that simplifies the demands placed on IAM professionals.

The Identity Analytics Imperative

A typical IAM system contains basic information about who users are and what they can access. However, this data isn’t sufficient to provide an accurate picture of access-related risks. To get a holistic view of access risks, you must obtain information about what users are really doing with their access privileges.

This means incorporating data from a vast array of other sources, such as data access governance, content-aware data loss prevention, security intelligence and event monitoring (SIEM), and database monitoring systems, as well as application, web, network, database and endpoint logs. By gathering data from various sources, advanced analytics techniques can create a holistic view of the managed environment and provide a 360-degree view of access risks. This is known as identity analytics, a process that employs big data, machine learning and artificial intelligence (AI) technologies to consume and analyze vast amounts of data and distill that data into actionable intelligence, allowing organizations to detect and respond to access risk more quickly.


Using Baselines to Understand the Abnormal

Identity analytics enables administrators to be proactive rather than reactive by continuously monitoring the identity environment. It builds behavioral baselines of normal user activity and then detects deviations from those baselines.

Typical user activities, such as requesting access to applications, logging into applications and accessing data in file sharing systems, are normal in isolation but would raise a flag when done at an unusually high volume or frequency. With an understanding of baseline and abnormal behavior, organizations can achieve better compliance with meaningful and actionable insights about user activity at each stage of the user access life cycle.
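To make the baseline idea concrete, the following added example (not code from the article or from any IBM product) builds a per-user, per-activity baseline from 14 days of daily event counts and flags a day whose volume is far above it. The event data, user names, the median/MAD scoring method and the 3.5 threshold are all assumptions chosen for illustration.

```python
from collections import Counter
from statistics import median

def build_events():
    """Constructed sample activity log: one (day, user, activity) tuple per event."""
    events = []
    for day in range(1, 15):                      # 14-day baseline window
        events += [(day, "alice", "file_access")] * (20 + day % 3)
        events += [(day, "bob", "file_access")] * (5 + day % 2)
        if day % 7 == 0:                          # bob rarely requests access
            events.append((day, "bob", "access_request"))
    # Day 15: alice stays in her usual range, bob's volume jumps.
    events += [(15, "alice", "file_access")] * 22
    events += [(15, "bob", "file_access")] * 60
    events += [(15, "bob", "access_request")] * 9
    return events

def detect_anomalies(events, today, window=14, threshold=3.5):
    """Flag (user, activity) pairs whose count today is far above their own baseline."""
    counts = Counter(events)                      # missing days count as 0
    pairs = sorted({(user, activity) for _, user, activity in counts})
    alerts = []
    for user, activity in pairs:
        history = [counts[(d, user, activity)] for d in range(today - window, today)]
        base = median(history)
        mad = median(abs(x - base) for x in history)
        # 1.4826 * MAD approximates a standard deviation; the floor of 1.0 keeps
        # near-constant histories (MAD of 0) from dividing by zero.
        scale = max(1.4826 * mad, 1.0)
        observed = counts[(today, user, activity)]
        score = (observed - base) / scale
        if score > threshold:                     # one-sided: only unusually high volume
            alerts.append((user, activity, observed, base, round(score, 1)))
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalies(build_events(), today=15):
        print(alert)
```

Each activity is scored against that user's own history, so alice's 22 file accesses pass while bob's 60 do not, even though both are ordinary actions in isolation.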

The diagram below illustrates the stages users go through when joining a business workforce and obtaining access to the tools and assets necessary to do their job. The IAM life cycle also includes stages to ensure that employees maintain appropriate access as they move within the organization, with access being revoked or changed when they separate or change roles.

In each phase, identity analytics data increases risk awareness and responsiveness, provides richer contextual user experiences and informs behavioral-based access policies. It bridges the gap between administrative controls and runtime activities, enabling administrators to get a clearer picture of how users are actually utilizing their access. With identity analytics, IAM teams can detect suspicious user activity, remediate inappropriate access and adjust access policies as necessary.

Identity analytics leverages machine learning and application usage data to make access policy and role recommendations that are based on user behavior and data usage, not merely on assigned entitlements or entitlement histories. These recommendations can provide IAM teams with a more accurate snapshot of policy and minimize the proliferation of unnecessary entitlements.
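A minimal sketch of usage-based recommendations, added here as an illustration and not taken from the article or any IBM product: it compares assigned entitlements with observed usage inside one peer group, proposes a role from what most peers actually use, and lists entitlements to review. The users, entitlement names, usage counts and the 75% share threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: entitlements assigned in the IAM system.
ASSIGNED = {
    "alice": {"crm.read", "crm.write", "billing.read", "hr.admin"},
    "bob":   {"crm.read", "crm.write", "billing.read"},
    "carol": {"crm.read", "crm.write", "billing.read", "db.prod.admin"},
    "dave":  {"crm.read", "billing.read"},
}
PEER_GROUP = {user: "sales" for user in ASSIGNED}
# Constructed usage counts for the last 90 days, e.g. from application logs.
USAGE = {
    ("alice", "crm.read"): 310, ("alice", "crm.write"): 42,
    ("bob", "crm.read"): 280, ("bob", "crm.write"): 35, ("bob", "billing.read"): 3,
    ("carol", "crm.read"): 190, ("carol", "crm.write"): 12,
    ("carol", "db.prod.admin"): 4,
    ("dave", "crm.read"): 220,
}

def used(user):
    """Entitlements the user both holds and actually exercised."""
    return {e for e in ASSIGNED[user] if USAGE.get((user, e), 0) > 0}

def recommend(group, min_share=0.75):
    """Return (suggested role, per-user review list) for one peer group."""
    members = sorted(u for u, g in PEER_GROUP.items() if g == group)
    users_per_entitlement = defaultdict(int)
    for user in members:
        for entitlement in used(user):
            users_per_entitlement[entitlement] += 1
    # Role = entitlements exercised by at least min_share of the peer group.
    role = {e for e, n in users_per_entitlement.items()
            if n / len(members) >= min_share}
    review = {}
    for user in members:
        unused = ASSIGNED[user] - used(user)      # assigned but never exercised
        outside = used(user) - role               # exercised but atypical for peers
        if unused or outside:
            review[user] = {"unused": sorted(unused),
                            "outside_role": sorted(outside)}
    return sorted(role), review

if __name__ == "__main__":
    print(recommend("sales"))
```

Unused entitlements are revocation candidates; entitlements used outside the peer role are not necessarily wrong, but they are the ones an access review should justify first.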

The Added Value of Artificial Intelligence

AI technology can make identity analytics an even more robust tool. With AI, identity analytics can automatically predict trends and behaviors, identify what may potentially happen and make recommendations for corrective action. It is a self-learning system that uses data mining and machine learning techniques to generate not just answers, but hypotheses, evidence-based reasoning and recommendations for improved decision-making in real time.

Cognitive systems use analysis methods such as machine learning, clustering, graph mining and entity relationship modeling to identify potential threats. For example, cognitive identity analytics systems can learn personality traits from users’ messages, blogs, emails and social data, and then use those traits to predict whether certain users could be potential insider threats. This analysis, combined with users’ activity and access patterns, can help raise the alarm for system admins and then suggest possible actions they could take to address the concern.

Identity analytics makes IAM smarter by enhancing existing processes with a rich set of user activity and event data, peer group analysis, anomaly detection, and real-time monitoring and alerting. The net result is improved compliance and reduced risk.

Using identity analytics can help your organization embrace the future of IAM — a future that’s smarter, more effective and more secure.


Are you interested in expanding your identity and access management (IAM) solutions to include identity analytics? IBM Cloud Identity includes a multipurpose analytics engine that processes activity and entitlement data from a variety of sources, providing a 360-degree view of access risks with the ability to take action based on those risk insights.

The analytics portion of Cloud Identity is currently in beta and open to existing Identity Governance and Intelligence (IGI) and IBM Security Identity Manager (ISIM) customers to trial. For more information, or to get involved in this beta program, please contact Erika Weiler, Offering Manager for IAM at IBM Security.
