We live in a world where all users, whether employees, providers, sub-contractors, partners or customers, have become intense consumers of data and IT services. Additionally, with the new work-from-home phenomenon, it has become impossible to control the workspace or the circumstances in which the process of accessing the resources of an organization takes place. The users work from home, use resources in the Cloud, and produce data that feeds the internal systems. Flows are multi-directional, the terminals are not controlled, and a large part of the restrictive rules which have been in place until now are no longer adapted to the situation.
The only invariable is the user and his digital identity
Who is it? What is his activity? What data and resources does he have access to, and for what reason? Today, by focusing on identity as a key part of the cybersecurity strategie, the question of how to best protect an organization’s resources and those who use them is being asked again. For a long time, digital identity had been perceived as unchangeable and needed to be secured only once, especially when the authentication process had been reinforced. However, this thinking is outdated.
With more and more access scenarios and their associated risks such as compromised systems, hacking and fraud, organizations must introduce an individual approach to these risks. Taking into account the context, each user identity has its own rights, responsibilities and risk profile. This brings into question several years of IAM principles which reigned over the standard, rigid management process for all collaborators.
RISK MANAGEMENT OF IDENTITIES AND ACCOUNTS: IDENTITY ANALYTICS
In today’s world, organizations must manage identities in a dynamic and flexible manner in order to meet business expectations and adapt to changing circumstances and environments. Every access to a resource carries an intrinsic risk. Is the resource hack-proof? Are the transactions legitimate? Is the data protected? Understandably, the identity to which the access is attributed as well as the context in which the identity uses the access are decisive factors in weighing the risk.
- Has the Identity accumulated too many permissions or access rights (the principle of least privilege)?
- Does the Identity have a dangerous mix of rights (principle of segregation of duties)?
- Has the status, position or organization of the Identity been changed, and does this change require a review of its associated rights?
- Does the Identity have rights that are in line with those generally attributed to like colleagues?
It is clear that these questions have to be taken into a context that includes the set of accounts attributed to an identity, their characteristics, and the characteristics of other identities in relation to it. To do this, many different data sources must be correlated and compared, such as technical repositories, organizational details and human resource information.
Additionally, responses can vary over time due to external events which are not detected or handled. Evaluating these risks should be part of a continuous, cyclical process like PDCA:
- PLAN: to gather the data sources to be compared and define the methods to be used in order to monitor the risks to be measured.
- DO: analyze the data and detect any gaps.
- CHECK: the priorities and document the exceptions and compensatory controls.
- ACT: on creating action plans that aim at correcting problems and reducing risk.
In order to effectively manage the risks linked to accounts, a new category of software technology is available: Identity Analytics.
IDENTITY ANALYTICS TO SUPPORT IAM, CYBERSECURITY AND BUSINESS LINES
Identity Analytics is the science of analyzing access data. Identity Analytics pulls together software functionalities that absorb, correlate and analyze several data sources in order to create a homogenous central repository of authorizations for all identities linked to all resources (infrastructure, applications and data).
This risk analysis is a step-by-step process:
- The complete access inventory which is necessary to verify all the accounts and groups that have access to resources, identify the type of permissions granted as well as examine the people to whom they have been given.
- Quantitative control, which analyzes the gaps in regards to the security policy and other rules of the organization. These gaps must be carefully scrutinized so that exceptions can be found and controls can be adjusted.
- Qualitative control, by learning or visualizing the data, which highlights conflicting or unexpected situations such as privilege breeches or incoherent rights within a team. These clues can be used to detect eventual problems.
Risk analysis linked to accounts is a collaborative process implicating:
- those who handle IT Security and compliance, who define the rules and verify that the rules have been applied
- those resource managers who are in charge of the scope of data and systems
- those who manage a business line or team and, therefore, the ones who are the best to judge the pertinence of the attributed accounts
This process of analyzing and handling the risks must be a part of all projects that manage identities, meaning, before, during and after the project finishes. In this way, risks are reduced while advantages are increased.
Beyond IAM, the context of the identities incorporated into the Identity Analytics repository is a mine of information that is crucial to cybersecurity. More specifically, this information helps to better react and respond to cyber alerts. For example, who is hiding behind account XYZ123 that I see downloading gigabytes worth of data? Is it an employee who was terminated last month and for whom the accounts should have been removed?
But even more importantly, the identity context can be used to better understand the way the organization works from the big picture right down to the individual employee. Who does what, and where?This information is the result of analyzing user access to resources and is complementary to the human resource vision for the company. Behind each job function is a set of rights that can be compared between users whether they are internal employees or not. This information allows organizations to be more resilient and objective in making planning decisions.
As access to company resources becomes more pervasive, it is important to utilize Identity Analytics in support of global security measures by continuing to monitor and control the logical access to infrastructure, data and applications. Using Identity Analytics to continually track the risks and improvements in an organization is the most flexible strategy when dealing with new uses and their associated security risks and is something that will inevitably have to be handled.