Cloud, the Internet of Things (IoT), mobile and digital business initiatives have broadened the surface and increased the complexity of identity and access management (IAM) environments. With millions of entitlements to manage across thousands of users and hundreds of applications, organizations are struggling to keep their access risks in check.

Today’s environments have become so complex that no reasonable IAM professional — no matter how talented — could feasibly gather, analyze and detect every relevant access-related risk factor. This lack of insight is leading to security risks, operational inefficiencies, loss of data and failure to comply with regulatory standards.

A modern approach to identity demands not only strong access controls and governance, but also a high level of risk awareness. Old-school, rules-based approaches to policy management for access controls, identity management and data governance can’t effectively pinpoint the new types of suspicious and harmful activities that are occurring in large and complex environments. Instead, organizations must consider an analytics-based approach that simplifies the demands placed on IAM professionals.

The Identity Analytics Imperative

A typical IAM system contains basic information about who users are and what they can access. However, this data isn’t sufficient to provide an accurate picture of access-related risks. To get a holistic view of access risks, you must obtain information about what users are really doing with their access privileges.

This means incorporating data from a vast array of other sources, such as data access governance, content-aware data loss prevention, security intelligence and event monitoring (SIEM), and database monitoring systems, as well as application, web, network, database and endpoint logs. By gathering data from various sources, advanced analytics techniques can create a holistic view of the managed environment and provide a 360-degree view of access risks. This is known as identity analytics, a process that employs big data, machine learning and artificial intelligence (AI) technologies to consume and analyze vast amounts of data and distill that data into actionable intelligence, allowing organizations to detect and respond to access risk more quickly.

View the webinar

Using Baselines to Understand the Abnormal

Identity analytics enable administrators to be more proactive instead of reactive with continuous monitoring of the identity environment. It builds behavioral baselines of normal user activity and then detects anomalies from those baselines.

Typical user activities, such as requesting access to applications, logging into applications and accessing data in file sharing systems, are normal in isolation but would raise a flag when done at an unusually high volume or frequency. With an understanding of baseline and abnormal behavior, organizations can achieve better compliance with meaningful and actionable insights about user activity at each stage of the user access life cycle.

The diagram below illustrates the stages users go through when joining a business workforce and obtaining access to the tools and assets necessary to do their job. The IAM life cycle also includes stages to ensure that employees maintain appropriate access as they move within the organization, with access being revoked or changed when they separate or change roles.

In each phase, identity analytics data increases risk awareness and responsiveness, provides richer contextual user experiences and informs behavioral-based access policies. It bridges the gap between administrative controls and runtime activities, enabling administrators to get a clearer picture of how users are actually utilizing their access. With identity analytics, IAM teams can detect suspicious user activity, remediate inappropriate access and adjust access policies as necessary.

Identity analytics leverage machine learning and application usage data to make access policies and role recommendations that are based on user behavior and data usage — not merely on assigned entitlements or entitlement histories. These recommendations can provide IAM teams with a more accurate snapshot of policy and minimize the proliferation of unnecessary entitlements.

The Added Value of Artificial Intelligence

AI technology can make identity analytics an even more robust tool. With AI, identity analytics can automatically predict trends and behaviors, identify what may potentially happen and make recommendations for corrective action. It is a self-learning system that uses data mining and machine learning techniques to generate not just answers, but hypotheses, evidence-based reasoning and recommendations for improved decision-making in real time.

Cognitive systems use analysis methods such as machine learning, clustering, graph mining and entity relationship modeling to identify potential threats. For example, cognitive identity analytics systems can learn personality traits from users’ messages, blogs, emails and social data, and then use those traits to predict whether certain users could be potential insider threats. This analysis, combined with users’ activity and access patterns, can help raise the alarm for system admins and then suggest possible actions they could take to address the concern.

Identity analytics makes IAM smarter by enhancing existing processes with a rich set of user activity and event data, peer group analysis, anomaly detection, and real-time monitoring and alerting. The net result is improved compliance and reduced risk.

Using identity analytics can help your organization embrace the future of IAM — a future that’s smarter, more effective and more secure.

Read the Forrester report

Are you interested in expanding your identity and access Management (IAM) solutions to include identity analytics? IBM Cloud Identity includes a multipurpose analytics engine that processes activity and entitlement data from a variety of sources, providing a 360-degree view of access risks with the ability to take action based on those risk insights.

The analytics portion of Cloud Identity is currently in beta and open to existing Identity Governance and Intelligence (IGI) and IBM Security Identity Manager (ISIM) customers to trial. For more information, or to get involved in this beta program, please contact Erika Weiler, Offering Manger for IAM at IBM Security.

More from Artificial Intelligence

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Tackling Today’s Attacks and Preparing for Tomorrow’s Threats: A Leader in 2022 Gartner® Magic Quadrant™ for SIEM

Get the latest on IBM Security QRadar SIEM, recognized as a Leader in the 2022 Gartner Magic Quadrant. As I talk to security leaders across the globe, four main themes teams constantly struggle to keep up with are: The ever-evolving and increasing threat landscape Access to and retaining skilled security analysts Learning and managing increasingly complex IT environments and subsequent security tooling The ability to act on the insights from their security tools including security information and event management software…

4 Ways AI Capabilities Transform Security

Many industries have had to tighten belts in the "new normal". In cybersecurity, artificial intelligence (AI) can help.   Every day of the new normal we learn how the pandemic sped up digital transformation, as reflected in the new opportunities and new risks. For many, organizational complexity and legacy infrastructure and support processes are the leading barriers to the effectiveness of their security.   Adding to the dynamics, short-handed teams are overwhelmed with too much data from disparate sources and…

What’s New in the 2022 Cost of a Data Breach Report

The average cost of a data breach reached an all-time high of $4.35 million this year, according to newly published 2022 Cost of a Data Breach Report, an increase of 2.6% from a year ago and 12.7% since 2020. New research in this year’s report also reveals for the first time that 83% of organizations in the study have experienced more than one data breach and just 17% said this was their first data breach. And at a time when…