For years, identity and access management (IAM) was that painful necessity that businesses knew they had to spend time and resources on, but it was always done kind of grudgingly. Oh, how times have changed! CIOs and CISOs alike have recognized the critical role that identity plays in an overall digital transformation and security program centered around Zero Trust. Businesses are evaluating how they can modernize IAM to address today’s hybrid multicloud challenges.
IAM is all about providing secure, frictionless access for any user to access any resource. In the context of identity, “user” represents a very broad category of people and things. People include privileged users, the workforce at large including employees and contractors, and consumers. Things include servers, service accounts, application programming interfaces (APIs), and even internet of things (IOT) devices. To enjoy a consistently secure and frictionless environment, these users need a common experience regardless of whether the resource they are accessing resides on-premises, or across various public and private clouds.
Organizations understand that this can’t be accomplished with a hodge-podge of identity solutions that only work in specific silos: one solution for access management, another one for governance, another one for privileged users, another one for customers, and so on. At the same time, ripping and replacing all existing IAM solutions is rarely an option that organizations are willing to explore. What if there were a smart, modernized and modular platform that could integrate into the existing environment and provide a consistent, secure experience and the ability to adopt new use cases over time? What would the three key pillars of this solution look like?
Tap Into Contextual Insights
The more an organization can tap into deep contextual insights such as behavioral biometrics, device attributes, user behavior patterns, environmental attributes, and user activity, the less need there is for the friction associated with authentication. A central tenet of Zero Trust approaches is to never trust and to always verify, but a smart identity solution leverages adaptive access that uses artificial intelligence (AI) technology to perform this “always verify” step in the background. AI can be used to help build risk scores, or, as I prefer to call them, “trust scores,” determining the level of trust associated with each user at any particular time.
When these AI capabilities are combined with an access policy engine, they allow the organization to make dynamic decisions based on that trust level. Low-risk accesses can be given a streamlined or even passwordless experience, while high-risk accesses can be challenged with multifactor authentication (MFA) or denied access. Contextual insights allow the verification process to occur continuously and transparently so that the friction associated with MFA is minimized without sacrificing security.
Context in the form of identity analytics can be used to help decision makers make better decisions. Gone are the days of rubber-stamp approvals that are fine for checkbox compliance but actually do nothing to reduce risk in the business. Analytics can be used to get a 360-degree view of access risks and then recommend actions based on those risk insights.
Finally, context is a critical part of a modernized threat management program. The telemetry that identity solutions provide must be integrated for consumption by Security Incident and Event Management (SIEM) solutions. If adaptive access indicates risk is high, incident response cases should be automatically created for follow-up. But the context needs to be bi-directional too so that if remediation is needed, IAM can become a control point. Automated response playbooks should be able to perform remediation tasks such as password resets and account suspension without human intervention.
Make Identity Consumable
Developers need a way to infuse identity capabilities into their applications without being IAM experts. Open source communities provide the ability to easily add authentication to applications and secure services across any cloud. Smart options include alternatives to passwords for strong authentication such as customizable authentication flows for Mobile Push, QRCode, and FIDO registration and authentication.
Smaller growing organizations need to be able to easily consume IAM capabilities. This means having options for microservices-based capabilities delivered through identity as a service (IDaaS) and being able to leverage a variety of identity capabilities via a modular approach. Organizations can benefit from a variety of use cases such as single sign-on, advanced authentication, and identity governance over time via a common platform with a common user experience and workflow.
Comprehensive Capabilities from the Cloud
Supporting the rapid shift of workloads to the cloud necessitates a cloud-based approach to IAM. In order for organizations to truly modernize their identity environments, they need comprehensive capabilities that include access management, identity governance, and privileged access management. The benefits of IDaaS are clear, but too often solutions focus on one aspect of identity or another, rather than delivering holistic capabilities. Another key Zero Trust concept is enforcing the principle of least privilege. Cloud-based access certification enables organizations to stay ahead of compliance requirements by periodically recertifying who should have access to what resources. So, it’s not just about facilitating the access, but ensuring that it is the right access.
Introducing IBM Security Verify – Smart Identity for a Hybrid Multicloud World
IBM is introducing the industry’s most comprehensive identity solution to infuse identity as a key pillar of any Zero Trust strategy.
IBM Security Verify delivers a modernized IAM platform for any organization to:
- Leverage unparalleled context for decisions about who should be able to access what, and combine identity with threat management and incident response.
- Secure applications across any cloud through a common stellar developer experience without requiring IAM expertise.
- Incorporate broad identity workflows, including access management, identity governance, and privileged access management.
IBM empowers organizations to give the right people the right access at the right time, with the design, implementation, and integration expertise to help them at each step of their journey to cloud.
See smart identity in action
Director of Product Management, Zero Trust Strategy Leader, IBM Security
Jason Keenaghan is the Director of Product Management for IBM’s zero trust portfolio. Previously, Jason was responsible for the strategy and delivery of ad...