We live in a world where all users, whether employees, providers, sub-contractors, partners or customers, have become intense consumers of data and IT services. In Asia, Europe, America and beyond, we are all accustomed to signing into our favorite account or application for personal or professional reasons. With the new work-from-home phenomenon, it has become impossible to control the workspace or the circumstances in which an organization's resources are accessed. Users work from home, use resources in the Cloud, and produce data that feeds the internal systems. Flows are multi-directional, the terminals are not controlled, and many of the restrictive rules and policies that were built on historical ways of working and have been in place until now are no longer suited to the situation.
The only constant is the user and his digital identity.
Who is he? What is his activity? What data and resources does he have access to, and for what reason? Today, by focusing on identity as a key part of the cybersecurity strategy, the question of how to best protect an organization’s resources and those who use them is being asked again. For a long time, digital identity was perceived as unchangeable, something that needed to be secured only once, especially when the authentication process had been reinforced. However, this thinking is outdated, and new ways to view the role of identity with regard to cyber risk are being adopted.
With more and more access scenarios and their associated risks such as compromised systems, hacking and fraud, organizations must take an individual approach to these risks. Considering the context, each user identity has its own rights, responsibilities and risk profile. This calls into question several years of Identity and Access Management (IAM) principles which reigned over the standard, rigid management process for all collaborators and players.
Risk management of identities and accounts: identity analytics
In today’s world, organizations must manage identities in a dynamic and flexible manner in order to meet business expectations and adapt to changing circumstances and environments. The adoption of the idea that every access to a resource carries an intrinsic risk is more and more prevalent. Is the resource hack-proof? Are the transactions legitimate? Is the data protected? Understandably, the identity to which the access is attributed as well as the context in which the identity uses the access are decisive factors in weighing the risk. For example,
- Has the Identity accumulated too many permissions or access rights, thus overriding the principle of least privilege?
- Does the Identity have a dangerous mix of rights thereby creating potential conflicts with the principle of segregation of duties (SoD)?
- Has the status, position or department of the Identity been changed, and does this change require a review of its associated rights?
- Does the Identity have rights that are in line with those generally attributed to like colleagues?
It is clear that these questions have to be considered within a context that includes the set of accounts attributed to an identity, their characteristics, and the characteristics of other identities in relation to it. To do this, many different data sources must be correlated and compared, such as technical repositories, organizational details and human resource information.
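The four questions above can be run as checks over correlated HR and entitlement data. The following is an added example, not part of the original article or of any product's code; the identities, rights, SoD rule, `dept_at_review` field and the 50% peer threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample: HR attributes already joined to each identity's entitlements.
IDENTITIES = {
    "alice": {"dept": "finance", "dept_at_review": "finance",
              "rights": {"invoice.create", "invoice.view", "ledger.view"}},
    "bob": {"dept": "finance", "dept_at_review": "finance",
            "rights": {"invoice.create", "invoice.approve", "invoice.view", "ledger.view"}},
    "carol": {"dept": "finance", "dept_at_review": "finance",
              "rights": {"invoice.create", "invoice.view", "ledger.view"}},
    "dave": {"dept": "it", "dept_at_review": "finance",
             "rights": {"invoice.view", "server.admin"}},
    "erin": {"dept": "it", "dept_at_review": "it", "rights": {"server.admin"}},
}
# Hypothetical SoD policy: pairs of rights one identity must not hold together.
SOD_RULES = [("invoice.create", "invoice.approve")]
PEER_SHARE = 0.5  # assumed: a right is "usual" if at least half of the peers hold it

def analyze(identities, sod_rules=SOD_RULES, peer_share=PEER_SHARE):
    """Return {identity: sorted findings}; identities with no finding are omitted."""
    by_dept = defaultdict(list)
    for name, rec in identities.items():
        by_dept[rec["dept"]].append(name)
    findings = defaultdict(list)
    for name, rec in identities.items():
        rights = rec["rights"]
        # Segregation of duties: a conflicting pair held by one identity.
        for a, b in sod_rules:
            if a in rights and b in rights:
                findings[name].append(f"sod:{a}+{b}")
        # Status change: department differs from the one at the last access review.
        if rec["dept"] != rec["dept_at_review"]:
            findings[name].append("review:department-changed")
        peers = [p for p in by_dept[rec["dept"]] if p != name]
        if not peers:
            continue
        # Peer comparison: rights that few colleagues in the same department hold.
        held = Counter(r for p in peers for r in identities[p]["rights"])
        for r in rights:
            if held[r] / len(peers) < peer_share:
                findings[name].append(f"peer-outlier:{r}")
        # Least privilege (crude proxy, an assumption): more rights than any peer.
        if len(rights) > max(len(identities[p]["rights"]) for p in peers):
            findings[name].append("excess:more-rights-than-any-peer")
    return {name: sorted(f) for name, f in findings.items()}
```

On this sample, `analyze(IDENTITIES)` reports only `bob` (SoD conflict, unusual approval right) and `dave` (moved to IT but kept a finance right); the other identities match their peers.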
Additionally, responses can vary over time due to external events which are not detected or handled. Evaluating these risks should be part of a continuous, cyclical process like PDCA:
- PLAN: gather the data sources to be compared and define the methods to be used in order to monitor the risks to be measured.
- DO: analyze the data and detect any gaps.
- CHECK: check the priorities and document the exceptions and compensatory controls.
- ACT: create action plans that aim at correcting problems and reducing risk.
In order to effectively manage the risks linked to accounts, a new category of software technology is available: Identity Analytics.
Identity analytics to support IAM, cybersecurity and business lines
Identity analytics is the science of analyzing access data. Identity analytics pulls together intricate and complex software functionalities that absorb, correlate and analyze numerous data sources in order to create a homogeneous, central repository of authorizations for all identities linked to all resources (infrastructure, applications and data).
There are two main reasons to use identity analytics today. First, it gathers, correlates and reports on great amounts of identity data, which helps to detect risky situations that require immediate attention when aligned with a company’s overall security policy. Second, identity analytics focuses on the escalation of uncovered anomalies, highlighting situations that can leave the door open to fraud and breaches, such as dormant or orphaned accounts, and on the remediation of these issues before they can lead to debilitating circumstances. Additionally, with report and dashboard creation capabilities, those in key management positions can stay informed of any potential cyber risk or threat to their information systems and other key digital environments within the company.
Identity-based cyber risk: the focus of any organization’s security policy
No matter the industry, sector, region or market, the deployment of an identity analytics solution within any enterprise is the first step to protecting a company’s data, resources and assets. However, before any project can be undertaken, the data that is collected and ingested into a solution of this type must be cleaned, and its quality must be impeccable.
As one of the main features of identity analytics, data sanitization is key in providing accurate information based on the repositories, applications and shared files from which it is retrieved. The end result of data that is thoroughly cleaned – and kept clean – is that an organization learns exactly who has access to what resources, how they got it, and if it is legitimate. Basically, it can be considered a road map of an employee’s chain of access, and nothing can be more crucial for making decisions related to identity and account access than this to avoid cyber-attacks and other malicious acts.
The growth and proliferation of such acts have only worsened as hackers and even employees with ill intent become more proficient in utilizing identity as a key means of penetrating even the most protected and bolstered information systems. The proper governance of security policies and other protective measures is nearly impossible without tools that aim to monitor and control the level of risk with which companies of any size are faced in today’s world.
In using solutions such as identity analytics, the risk analysis is an effective yet comprehensible step-by-step process and includes:
- The complete access inventory which is necessary to verify all the accounts and groups that have access to resources, to identify the type of permissions granted and to examine the people to whom they have been given.
- Quantitative control, which analyzes the gaps with regard to the security policy and other rules of the organization. These gaps must be carefully scrutinized so that exceptions can be found and controls can be adjusted.
- Qualitative control, or learning and visualizing the data, which highlights conflicting or unexpected situations such as privilege breaches or incoherent rights within a team. These clues can be used in the detection of potential problems.
Risk analysis linked to accounts is a collaborative process involving:
- those who handle IT security and compliance, who define the rules and verify that the rules have been applied,
- those resource managers who are in charge of the scope of data and systems, and
- those who manage a business line or team and, therefore, the ones who are the best to judge the pertinence of the attributed accounts.
This process of analyzing and handling the risk must be a part of all projects that manage identities, including before, during and after the project finishes. In this way, risks are reduced while advantages are increased.
Make identity analytics a part of your company’s cybersecurity strategy
Beyond Identity and Access Management (IAM) and even Identity Governance and Administration (IGA), the context of the identities incorporated into an identity analytics repository is a wealth of information that is crucial to cybersecurity. More specifically, this information helps to better react and respond to cyber alerts. For example, an employee whose job it is to monitor the adherence to security policy might ask himself, “Who is hiding behind account XYZ123 and why do I detect him downloading gigabytes worth of data? Could it be that employee who was terminated last month and for whom the accounts should have been removed?”
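The analyst's question about account XYZ123, and the dormant or orphaned accounts mentioned earlier, come down to joining an account export against HR status. The following is an added example, not from the original article; the HR and account records, field names, dates and the 90-day dormancy threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: HR status per identity and a directory account export.
HR = {
    "E100": {"status": "active", "terminated_on": None},
    "E200": {"status": "terminated", "terminated_on": date(2024, 5, 15)},
}
ACCOUNTS = [
    {"account": "jsmith", "owner": "E100", "enabled": True, "last_login": date(2024, 6, 10)},
    {"account": "XYZ123", "owner": "E200", "enabled": True, "last_login": date(2024, 6, 12)},
    {"account": "svc_old", "owner": None, "enabled": True, "last_login": date(2023, 1, 3)},
    {"account": "jsmith2", "owner": "E100", "enabled": True, "last_login": None},
    {"account": "tmp_e200", "owner": "E200", "enabled": False, "last_login": date(2024, 5, 1)},
]
DORMANT_DAYS = 90  # assumed policy threshold


def classify(acct, hr, today, dormant_days=DORMANT_DAYS):
    """Return the list of hygiene flags for one account row."""
    flags = []
    owner = hr.get(acct["owner"])
    if owner is None:
        # No identity in HR answers for this account.
        flags.append("orphaned")
    elif owner["status"] == "terminated" and acct["enabled"]:
        flags.append("terminated-owner-still-enabled")
        last = acct["last_login"]
        if last is not None and last > owner["terminated_on"]:
            flags.append("used-after-termination")
    if acct["enabled"]:
        last = acct["last_login"]
        # Never used, or unused for longer than the threshold.
        if last is None or (today - last).days > dormant_days:
            flags.append("dormant")
    return flags


def review(accounts, hr, today):
    """Return {account: flags} for every account with at least one flag."""
    report = {}
    for acct in accounts:
        flags = classify(acct, hr, today)
        if flags:
            report[acct["account"]] = flags
    return report
```

With `today` set to 15 June 2024, `XYZ123` is flagged as still enabled and used after its owner's termination, which is the context an analyst needs when a download alert fires on that account.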
But even more importantly, the identity context can be used to better understand the way the organization works from the overall landscape right down to the individual employee. Who does what, and where? This information is the result of analyzing user access to resources and is complementary to the human resource vision for the company. Behind each job function is a set of rights that can be compared between users, whether or not they are internal employees, external employees or even third-party entities. This information allows organizations to be more resilient and objective in making planning decisions.
Data and resource protection with identity analytics
As access to company resources becomes more pervasive, it is important to utilize identity analytics in support of global security measures by continuing to monitor and control the logical access to infrastructure, data and applications. Using identity analytics to continually track the risks linked to internal movement within an organization, such as hiring, firing and lateral transfers, is the most flexible strategy when dealing with how users, both present and departed, and their associated security risks are managed and handled.
The key to keeping risk at bay and controlling it within an enterprise is to continually monitor it with tools that are available on the market. Being alerted to why risk levels may be increasing within your organization and reacting swiftly to any unusual situations or gaps with security policies is crucial to keeping data, applications, files, networks and infrastructures safe. Vulnerabilities creep in when this risk monitoring is not done on a consistent basis and is not a key element of a company’s security strategy. The most effective way to be successful is to start with the basics: identity analytics. Knowing who has access to what at any given moment in time could be the thing that saves your organization from catastrophic losses and potential demise. The deployment of an identity analytics solution will be the easiest and smartest step you take to combat today’s complex environment of cyber-threat and risk.