For years, traditional rules-based identity and access management (IAM) systems have been the primary means organizations use to control identities, access and compliance. The emergence of distributed applications (on-premises, cloud and mobile), mobile workforces and fast-moving business priorities has generated a massive increase in the number of identities and access requests that need to be monitored for potential security threats.
The sheer scale of today's IAM requirements has evolved beyond the scope of rules-based systems.
A new model, which analyst firm Gartner calls Identity Analytics (IdA), provides a risk-based approach to managing system identities and access. Instead of static rules, IdA uses dynamic risk scores and advanced analytics to derive key indicators for automating account provisioning, de-provisioning, authentication and privileged access management. IdA enables organizations to implement intelligent IAM that can keep pace with rapidly changing business needs as companies pursue digital transformation.
What is IdA?
IdA automates the detection of access risks, access outliers, excess access and shared high privileged access (HPA) accounts, as well as orphan and dormant accounts. It reduces the attack surface for identities by replacing roles defined through manual processes and legacy rules with machine-learning-based intelligent roles.
Intelligent roles are algorithmically derived by harvesting and processing data from existing accounts and access activity based on dynamic peer groups to identify common role factors for each individual user or device.
IdA also replaces manual identity management processes, improves and often automates provisioning, and cleans up identity and access data for compliance and audits. Managing identities traditionally involved an unwieldy manual process of visually reviewing spreadsheets filled with both granted access privileges and access events.
Clearly, this is a human-error-prone model. IdA instead uses machine learning to expose anomalous access and provides the opportunity to implement risk-based access certifications that reduce rubber-stamping. This ensures scarce human reviewers are only used in high-risk access scenarios, while all other certifications are automated.
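The two ideas above, intelligent roles mined from dynamic peer groups and risk-based certification that only sends high-risk accounts to a human, can be shown end to end on a small, constructed data set. The following is an added example written for this article, not code from any IdA product or from Gartner; the account records, HR feed, HPA tags, thresholds and weights are all assumptions chosen for illustration. It groups accounts by (department, title), derives a role from the entitlements most peers share, flags access outliers, dormant accounts and orphans (accounts with no HR record), scores each account, and splits the population into "human review" and "auto-certify".

```python
from collections import Counter, defaultdict

# Constructed sample data (not from any real system). Each account carries the
# attributes IdA would harvest: HR peer-group attributes, granted entitlements
# and the age in days of the last observed access event.
ACCOUNTS = {
    "alice": {"dept": "finance", "title": "analyst", "ents": {"erp_read", "gl_view", "expense_approve"}, "last_login_days": 3},
    "bob":   {"dept": "finance", "title": "analyst", "ents": {"erp_read", "gl_view"}, "last_login_days": 10},
    "carol": {"dept": "finance", "title": "analyst", "ents": {"erp_read", "gl_view", "expense_approve"}, "last_login_days": 1},
    "dave":  {"dept": "finance", "title": "analyst", "ents": {"erp_read", "gl_view", "db_admin"}, "last_login_days": 140},
    "erin":  {"dept": "eng", "title": "sre", "ents": {"prod_ssh", "db_admin", "ci_deploy"}, "last_login_days": 2},
    "frank": {"dept": "eng", "title": "sre", "ents": {"prod_ssh", "db_admin", "ci_deploy"}, "last_login_days": 5},
    "svc_legacy": {"dept": "eng", "title": "sre", "ents": {"prod_ssh"}, "last_login_days": 400},
}

# Identities present in the HR feed; an account with no HR record is an orphan.
HR_RECORDS = {"alice", "bob", "carol", "dave", "erin", "frank"}

# Entitlements the organization tags as high privileged access (HPA). Assumed.
HPA_ENTITLEMENTS = {"db_admin", "prod_ssh"}

# Tunable thresholds and weights (assumptions for this example).
ROLE_THRESHOLD = 0.6      # held by >= 60% of peers -> part of the intelligent role
OUTLIER_THRESHOLD = 0.3   # held by < 30% of peers -> access outlier
DORMANT_DAYS = 90
OUTLIER_WEIGHT, HPA_OUTLIER_WEIGHT = 10, 25
DORMANT_WEIGHT, ORPHAN_WEIGHT = 15, 30
REVIEW_THRESHOLD = 25     # score at or above this goes to a human certifier


def peer_groups(accounts):
    """Dynamic peer group: accounts sharing the same (department, title)."""
    groups = defaultdict(list)
    for name, acct in accounts.items():
        groups[(acct["dept"], acct["title"])].append(name)
    return groups


def entitlement_prevalence(accounts, members):
    """Fraction of a peer group holding each entitlement."""
    counts = Counter(e for m in members for e in accounts[m]["ents"])
    return {e: c / len(members) for e, c in counts.items()}


def mine_roles(accounts):
    """Intelligent role per peer group: the entitlements most members share."""
    roles = {}
    for key, members in peer_groups(accounts).items():
        prev = entitlement_prevalence(accounts, members)
        roles[key] = {e for e, p in prev.items() if p >= ROLE_THRESHOLD}
    return roles


def outlier_access(accounts):
    """Entitlements a user holds that few peers hold (candidates for removal)."""
    outliers = {}
    for members in peer_groups(accounts).values():
        prev = entitlement_prevalence(accounts, members)
        for m in members:
            rare = {e for e in accounts[m]["ents"] if prev[e] < OUTLIER_THRESHOLD}
            if rare:
                outliers[m] = rare
    return outliers


def risk_scores(accounts, hr_records):
    """Additive risk score per account, together with the findings behind it."""
    outliers = outlier_access(accounts)
    scores = {}
    for name, acct in accounts.items():
        score, findings = 0, []
        for e in sorted(outliers.get(name, ())):
            # An outlier HPA right on a regular account weighs more than an ordinary outlier.
            score += HPA_OUTLIER_WEIGHT if e in HPA_ENTITLEMENTS else OUTLIER_WEIGHT
            findings.append(f"outlier:{e}")
        if acct["last_login_days"] > DORMANT_DAYS:
            score += DORMANT_WEIGHT
            findings.append("dormant")
        if name not in hr_records:
            score += ORPHAN_WEIGHT
            findings.append("orphan")
        scores[name] = {"score": score, "findings": findings}
    return scores


def certification_triage(accounts, hr_records):
    """Split accounts into those a human must certify and those safe to auto-certify."""
    scores = risk_scores(accounts, hr_records)
    review = {n for n, s in scores.items() if s["score"] >= REVIEW_THRESHOLD}
    return review, set(scores) - review


if __name__ == "__main__":
    for group, role in mine_roles(ACCOUNTS).items():
        print("role", group, sorted(role))
    for name, s in risk_scores(ACCOUNTS, HR_RECORDS).items():
        print(f"{name:11} score={s['score']:3} {s['findings']}")
    print("human review:", sorted(certification_triage(ACCOUNTS, HR_RECORDS)[0]))
```

On this data the finance analysts' role is {erp_read, gl_view}; dave's db_admin right is rare among his peers and is tagged HPA, and his account is also dormant, so he is routed to a human certifier, as is svc_legacy, which is both dormant and absent from the HR feed. The four accounts whose access matches their peers score zero and are auto-certified, which is the "scarce reviewers only on high-risk cases" outcome the text describes.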
How does IdA reduce risk?
Detecting IAM risks across on-premises, cloud and mobile enterprise applications is no longer feasible using traditional rules-based and manually intensive processes. IdA's ability to apply machine learning analytics and risk scoring to massive volumes of identity data and access activity provides several benefits, including:
- Reducing the identity attack surface by identifying (for remediation) unnecessary, unused and outlier access.
- Discovering undocumented or unvaulted high privileged access (HPA) rights assigned to regular, non-privileged accounts.
- Accurately measuring and reporting on user, account, entitlement, application, departmental, and organization risk posture.
- Centralizing governance, visibility and reporting for access-based risk.
According to the 2017 Verizon Data Breach Investigations Report, 81 percent of all breaches leveraged a weak or stolen password. Using IdA to discover and eliminate unnecessary or excessive access associated with enterprise identities can significantly limit the damage if a user's credentials are stolen.