How Analytics Can Help You Better Understand Access Risks

Cloud, the Internet of Things (IoT), mobile and digital business initiatives have broadened the surface and increased the complexity of identity and access management (IAM) environments. With millions of entitlements to manage across thousands of users and hundreds of applications, organizations are struggling to keep their access risks in check.

Today’s environments have become so complex that no reasonable IAM professional — no matter how talented — could feasibly gather, analyze and detect every relevant access-related risk factor. This lack of insight is leading to security risks, operational inefficiencies, loss of data and failure to comply with regulatory standards.

A modern approach to identity demands not only strong access controls and governance, but also a high level of risk awareness. Old-school, rules-based approaches to policy management for access controls, identity management and data governance can’t effectively pinpoint the new types of suspicious and harmful activities that are occurring in large and complex environments. Instead, organizations must consider an analytics-based approach that simplifies the demands placed on IAM professionals.

The Identity Analytics Imperative

A typical IAM system contains basic information about who users are and what they can access. However, this data isn’t sufficient to provide an accurate picture of access-related risks. To get a holistic view of access risks, you must obtain information about what users are really doing with their access privileges.

This means incorporating data from a vast array of other sources, such as data access governance, content-aware data loss prevention, security intelligence and event monitoring (SIEM), and database monitoring systems, as well as application, web, network, database and endpoint logs. By gathering data from various sources, advanced analytics techniques can create a holistic view of the managed environment and provide a 360-degree view of access risks. This is known as identity analytics, a process that employs big data, machine learning and artificial intelligence (AI) technologies to consume and analyze vast amounts of data and distill that data into actionable intelligence, allowing organizations to detect and respond to access risk more quickly.


Using Baselines to Understand the Abnormal

Identity analytics enables administrators to be proactive rather than reactive by continuously monitoring the identity environment. It builds behavioral baselines of normal user activity and then detects deviations from those baselines.

Typical user activities, such as requesting access to applications, logging into applications and accessing data in file sharing systems, are normal in isolation but would raise a flag when done at an unusually high volume or frequency. With an understanding of baseline and abnormal behavior, organizations can achieve better compliance with meaningful and actionable insights about user activity at each stage of the user access life cycle.
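The following sketch, an added example that is not part of the original article or any IBM product, shows one way to baseline per-user activity volume and flag a day that is abnormally high. It assumes activity logs reduced to (user, day, activity) tuples; the sample events, function names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def sample_events():
    """Constructed (user, day, activity) events; not real log data."""
    events = []
    for day in range(1, 15):                        # 14 baseline days
        events += [("alice", day, "file_read")] * (20 + day % 3)
        events += [("bob", day, "file_read")] * (5 + day % 2)
    events += [("alice", 15, "file_read")] * 22     # ordinary day for alice
    events += [("bob", 15, "file_read")] * 60       # burst far above bob's norm
    events += [("carol", 15, "file_read")] * 40     # new user, no baseline yet
    return events

def daily_counts(events):
    """Count events per (user, activity) per day."""
    counts = defaultdict(lambda: defaultdict(int))
    for user, day, activity in events:
        counts[(user, activity)][day] += 1
    return counts

def robust_z(value, history):
    """Deviation from the median in MAD units, so one past burst cannot skew the baseline."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = max(1.4826 * mad, 1.0)   # floor of one event avoids dividing by ~0 on flat baselines
    return (value - med) / scale

def detect(events, today, window=14, threshold=3.5, min_active_days=7):
    """Return (user, activity, count, score) where today's volume exceeds the baseline."""
    alerts = []
    for (user, activity), per_day in daily_counts(events).items():
        history = [per_day.get(d, 0) for d in range(today - window, today)]
        if sum(1 for c in history if c > 0) < min_active_days:
            continue                 # too little history to call anything abnormal
        score = robust_z(per_day.get(today, 0), history)
        if score > threshold:        # only unusually high volume is flagged
            alerts.append((user, activity, per_day[today], round(score, 1)))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_events(), today=15):
        print(alert)
```

The same 60 reads would be unremarkable for a user whose baseline is 60 a day, which is why the score is computed against each user's own history rather than a global rule.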

The diagram below illustrates the stages users go through when joining a business workforce and obtaining access to the tools and assets necessary to do their job. The IAM life cycle also includes stages to ensure that employees maintain appropriate access as they move within the organization, with access being revoked or changed when they separate or change roles.

In each phase, identity analytics data increases risk awareness and responsiveness, provides richer contextual user experiences and informs behavioral-based access policies. It bridges the gap between administrative controls and runtime activities, enabling administrators to get a clearer picture of how users are actually utilizing their access. With identity analytics, IAM teams can detect suspicious user activity, remediate inappropriate access and adjust access policies as necessary.

Figure: The lifecycle of user access, from request to recertification

Identity analytics leverages machine learning and application usage data to make access policy and role recommendations that are based on user behavior and data usage — not merely on assigned entitlements or entitlement histories. These recommendations can provide IAM teams with a more accurate snapshot of policy and minimize the proliferation of unnecessary entitlements.
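As an added illustration (not code from the article or from any IBM product), the sketch below compares assigned entitlements with observed usage to list revocation candidates and to derive a usage-based role for a peer group. It uses simple counting rather than machine learning; the users, groups, entitlement names, dates and thresholds are all constructed.

```python
from datetime import date

# Constructed sample data; users, groups and entitlement names are hypothetical.
ASSIGNED = {
    "alice": {"crm_read", "crm_admin", "payroll_read"},
    "bob": {"crm_read", "crm_admin"},
    "carol": {"crm_read"},
    "dave": {"crm_read", "crm_admin"},
}
PEER_GROUP = {"alice": "sales", "bob": "sales", "carol": "sales", "dave": "sales"}
# Last observed use per (user, entitlement), as application logs would report it.
LAST_USED = {
    ("alice", "crm_read"): date(2024, 5, 28),
    ("alice", "crm_admin"): date(2023, 11, 2),   # assigned, but stale
    ("bob", "crm_read"): date(2024, 5, 30),
    ("bob", "crm_admin"): date(2024, 5, 20),
    ("carol", "crm_read"): date(2024, 5, 31),
    ("dave", "crm_read"): date(2024, 5, 15),     # dave never used crm_admin
}

def actively_used(user, entitlement, today, stale_days=90):
    """True if usage logs show the entitlement exercised within the window."""
    last = LAST_USED.get((user, entitlement))    # None means never used
    return last is not None and (today - last).days <= stale_days

def revocation_candidates(today, stale_days=90):
    """Assigned entitlements with no recent use: candidates for review and removal."""
    return sorted((u, e) for u, ents in ASSIGNED.items() for e in ents
                  if not actively_used(u, e, today, stale_days))

def suggested_role(group, today, min_share=0.75, stale_days=90):
    """Entitlements that at least min_share of a peer group actually uses."""
    members = [u for u, g in PEER_GROUP.items() if g == group]
    if not members:
        return set()
    role = set()
    for ent in set().union(*(ASSIGNED[m] for m in members)):
        users = sum(actively_used(m, ent, today, stale_days) for m in members)
        if users / len(members) >= min_share:
            role.add(ent)
    return role

if __name__ == "__main__":
    today = date(2024, 6, 1)
    print(revocation_candidates(today))
    print(suggested_role("sales", today))
```

Here three of the four sales users hold `crm_admin` but only one uses it, so a role built from assignments would include it while a role built from usage does not.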

The Added Value of Artificial Intelligence

AI technology can make identity analytics an even more robust tool. With AI, identity analytics can automatically predict trends and behaviors, identify what may potentially happen and make recommendations for corrective action. It is a self-learning system that uses data mining and machine learning techniques to generate not just answers, but hypotheses, evidence-based reasoning and recommendations for improved decision-making in real time.

Cognitive systems use analysis methods such as machine learning, clustering, graph mining and entity relationship modeling to identify potential threats. For example, cognitive identity analytics systems can learn personality traits from users’ messages, blogs, emails and social data, and then use those traits to predict whether certain users could be potential insider threats. This analysis, combined with users’ activity and access patterns, can help raise the alarm for system admins and then suggest possible actions they could take to address the concern.

Identity analytics makes IAM smarter by enhancing existing processes with a rich set of user activity and event data, peer group analysis, anomaly detection, and real-time monitoring and alerting. The net result is improved compliance and reduced risk.

Using identity analytics can help your organization embrace the future of IAM — a future that’s smarter, more effective and more secure.


Are you interested in expanding your identity and access management (IAM) solutions to include identity analytics? IBM Cloud Identity includes a multipurpose analytics engine that processes activity and entitlement data from a variety of sources, providing a 360-degree view of access risks with the ability to take action based on those risk insights.

The analytics portion of Cloud Identity is currently in beta and open to existing Identity Governance and Intelligence (IGI) and IBM Security Identity Manager (ISIM) customers to trial. For more information, or to get involved in this beta program, please contact Erika Weiler, Offering Manager for IAM at IBM Security.

Sridhar Muppidi

IBM Fellow, VP & CTO IBM Security

Dr. Sridhar Muppidi is an IBM Fellow and Chief Technology Officer in IBM Security Systems. He leads the technical...