
Identity Analytics: The Solution for Monitoring Access and Identity Data to Combat Cyber-Threat

Enhance and Improve your IAM

Identity Analytics: Is it new to you?

The term “identity analytics” may seem vague or totally unknown to some, but it has become a powerful player in the area of cybersecurity. In a nutshell, identity analytics is the science of analyzing access rights. The five key elements of this analysis are the ability to:

  • IDENTIFY who works in the company and who has access to what
  • CHECK access through automated verification based on policies and recertification
  • DETECT anomalies and define the level of risk
  • MITIGATE and correct the problems
  • RECOMMEND rights to be assigned to users

So why is “identity analytics” the latest buzzword when the subjects of zero-trust and cyber-security risk are broached? That’s easy: because it sits in the middle of today’s most complex issues associated with gaps linked to identity access, whether it’s users themselves, service accounts or even technical accounts. These gaps are often seen in many activities around Identity and Access Management (IAM) projects when a fine-grained level of detail is lacking.

Identity Analytics and Data Sources

Identity analytics solutions that are worth their salt can easily and effectively handle complicated and disparate access data such as accounts, groups, permissions and logs. Because they are source-agnostic, they can ingest data of all types and then correlate it before analyzing it. The types of access data that can be ingested through connectors, CSV or Excel files are quite varied and include application data such as Active Directory, repositories, HR data and any other sources that hold identities that need to be included in the global analysis. As can be imagined, this data gets more and more complex over time, opening the door to a greater amount of potential risk. Fortunately, identity analytics can provide bulk, temporal, and predictive technologies for data analysis.

 

Shocking Statistics around Access

Some statistics that show the full and true need for identity analytics solutions in today’s digital world include the following. Many companies and managers are unaware that:

  • Weak IT controls are a factor in six out of 10 cases of cyber fraud.
  • Only 8% of organizations have automated access provisioning tools.
  • 43% of former employees admit to logging into their company’s account after having left.
  • One-third of organizations have no access control or governance processes.

 

Identity Analytics at the Heart of an IGA Strategy

 

Recently, Gartner made an observation about Identity and Access Management (IAM) projects and, more specifically, Identity Governance and Administration (IGA) implementations. Their analysts stated that more than 50% of these projects ran into significant difficulties that were detected during the execution phase.

The inherent complexity of these projects creates a plethora of obstacles that prevent them from operating at an optimal level of efficiency. This is where identity analytics solutions can be deployed to provide actionable and understandable reporting that leads to a successful IAM project within a complex environment.

The key areas where identity analytics augments the performance of an IAM / IGA program are:

  • Data cleansing and quality
    The data integrated into an IAM solution is the foundation of any project. If there are issues with accuracy or missing elements, it becomes almost impossible for IAM processes to run effectively, resulting in unfinished projects or decision-making based on poor or erroneous information. Identity analytics is the first step because the solution will clean the data – and keep it that way – for the life of the project and beyond.

  • Ingestion of all of a company’s account, application and other system data
    IAM solutions usually only connect to a percentage of a company’s systems and applications, and this limited coverage provides only partial visibility into access rights and permissions. With a sophisticated identity analytics solution, this problem is solved by identifying and mapping all access rights, no matter the source.

  • Compliance with security policies
    For many companies, the first hurdle in proving compliance is demonstrating that access rights are legitimate under the principles of least-privilege and need-to-know. Identity analytics removes that hurdle by providing a 360° view of identity access, including to whom it was granted, when, by whom and for what reason.

Identity Analytics: How easy is it to manage access?

It may seem that managing access is easy, but is it really? It is much more than a person or identity being assigned to an account or a group. Some of the questions that have to be considered when monitoring access are:

  • Is this access justified from an organizational perspective?
  • What level of access is needed (administrative, read-only, etc.)?
  • Is access justified for this job and its functions?
  • Is this access being used, and if so, how?
  • And finally, who is responsible for what?

For this reason, adopting an identity analytics tool is necessary to cover the entire perimeter of access throughout an organization. In this way, the identity context is taken into account and accesses are thoroughly analyzed. These analyses help enterprises meet their overall objectives, especially with regard to security policies and cyber risk. Dashboards displaying KPIs, IT general controls and even anomalies and gaps are a key part of the functionality of the identity analytics solution. Its features allow for effective data and access management as well as reduced costs and diminished cyber risk. The illustration below gives a comprehensive understanding of why, in addition to enhancing an IAM project, identity analytics is no longer a “nice-to-have” but is perceived as a critical “must-have.”

[Illustration: Identity Analytics helps with more than just IAM in the organization]

Real-Life Customer Use Case

An end customer in the education sector was subject to the Sarbanes-Oxley (SOX) financial regulations and needed to prove compliance with them on a yearly basis. The background of the situation prior to utilizing an identity analytics solution looked like this:

  • 12,000 relevant application end users for SOX purposes
  • Approximately 200 high-privilege users
  • Approximately 150 users with access to sensitive infrastructures hosting applications, databases and operating systems.

Some of the issues that they were facing and needed to correct included:

  • Partial segregation of duties (SoD) results with many false positives
  • Manual user access reviews which did not take into consideration segregation of duties
  • Only 3 sensitive applications being monitored.

The diagram below shows how an identity analytics solution was able, in less than 6 months, to clarify the issues and pain points and propose actionable and satisfactory solutions that produced the results the customer had long been seeking. The end results provided them with monitoring of high-privileged accounts, strengthened and demonstrable compliance during audit cycles, and many more SoD controls. Additionally, automated user access reviews were performed based on business activities for more than 80 applications.

 

How Brainwave Identity Analytics Works

[Diagram: identity analytics power]

Building a Strategy with Identity Analytics

Now that the benefits and advantages of relying on identity analytics have been thoroughly explained, what is the best way to proceed with its deployment in your company’s cybersecurity strategy based on access rights compliance with security policies?

It is best to start by considering three pillars of this strategy:

  • Challenges: How do we address resilience, transformation and governance?
  • Sources: Origin, format, content and availability? How are accesses currently managed?
  • Resources: Who drives the program? Who is accountable? What do the business line managers think?

To determine the best strategy for your organization, here are a few examples of challenges faced by many and their proposed resolutions. By studying them, it will be easy to begin the thought process within your own company to see how much sense it makes to implement and incorporate an identity analytics program for your teams and players.

#1
  • Challenge: Audit recommendations around access
  • Solution: Using a tactical approach, target a reduced perimeter to show how identity analytics quickly, efficiently and significantly solves the issues.

#2
  • Challenge: Cost optimization and maturity in a regulated industry
  • Solution: By putting the focus on user access reviews, improved performance and increased productivity can be demonstrated, gaining the support of the business teams who must do them.

#3
  • Challenge: A need for automation
  • Solution: It is easy to earn “quick wins” with identity analytics in the areas of data sanitization, role mining and “smart” access requests using any ticketing system available on the market.

 

Identity Analytics Is an Essential Part of An Enterprise-wide Cyber Security Strategy

The objective of this article is to impress upon internal IT, security and business teams how using identity analytics is an essential part of an enterprise-wide cyber security strategy. In simple terms, it is the ability to give the right access to the right identity at the right time for the right reason. If all of this is in line, then the risk related to breaches and other fraudulent activities is greatly diminished.

By taking charge of how your organization looks at and monitors access to resources, it becomes easy to see who has access to what, to see if this access adheres to security policy guidelines, to check for and detect any gaps or anomalies, to remediate any issues that surface as well as to recommend the most effective access that follows the principles of least-privilege and need-to-know. Why not put your company’s collective mind at ease with an identity analytics solution that monitors identity and access across your enterprise? In the long run, you will be glad that you did.
