Identity Analytics: Is it new to you?
The term “identity analytics” may seem vague or totally unknown to some, but it has become a powerful player in the area of cybersecurity. In a nutshell, identity analytics is the science of analyzing access rights. The five key elements of this analysis are the ability to:
- IDENTIFY who works in the company and who has access to what
- CHECK automated verification through policies and recertification
- DETECT anomalies and define the level of risk
- MITIGATE and correct the problems
- RECOMMEND rights to be assigned to users
So why is “identity analytics” the latest buzz word when the subjects of zero-trust and cyber-security risk are broached? That’s easy: because it sits in the middle of today’s most complex issues associated with gaps linked to identity access, whether its users themselves, service or even technical accounts. These gaps are often seen in many activities around Identity and Access Management (IAM) projects when a fine-grained level of detail is lacking.
Identity Analytics and Data Sources
Identity analytics solutions that are worth their salt can easily and effectively handle complicated and disparate access data such as accounts, groups, permissions and logs. They are able to ingest data of all types due to their agnostic nature and, once ingested, can correlate this data prior to analyzing it. The types of access data that can be ingested through connectors, CSV or Excel files are quite varied and include application data such as Active Directory, repositories, HR data and any that have identities that need to be included in the global analysis. As can be imagined, this data gets more and more complex over time, opening the door to a greater amount of potential risk. Fortunately, identity analytics can provide bulk, temporal, and predictive technologies for data analysis.
Shocking Statistics around Access
Some statistics that show the full and true need for identity analytic solutions in today’s digital world include the following. Many companies and managers are unaware that:
- Weak IT controls are a factor in six out of 10 cases of cyber fraud.
- Only 8% of organizations have automated access provisioning tools.
- 43% of former employees admit to logging into their company’s account after having left.
- One-third of organizations have no access control or governance processes.
Identity Analytics at the Heart of an IGA Strategy
Recently, Gartner made an observation about Identity and Access Management (IAM) projects and, more specifically, Identity and Governance Administration (IGA) implementations. Their analysts stated that more than 50% of these projects ran into significant difficulties that were detected during the execution phase.
The inherent complexity of these projects creates a plethora of obstacles that prevents them from being used to the optimal level of efficiency. This is where identity analytics solutions can be deployed to enhance the capabilities of providing actionable and understandable reporting that results in a successful IAM project resolution within a complex environment.
The key areas where identity analytics augments the performance of an IAM / IGA program are:
- Data cleansing and quality
The data integrated into an IAM solution is the foundation of any project. If there are issues with accuracy or missing elements, it becomes almost impossible for IAM processes to run effectively, resulting in unfinished projects or decision-making based on poor or erroneous information. Identity analytics is the first step because the solution will clean the data – and keep it that way – for the life of the project and beyond.
- Ingestion of the totality of a company’s account, application data, and other system data
IAM solutions usually only connect to a percentage of a company’s systems and applications, and this limited coverage provides only partial visibility into access rights and permissions. With a sophisticated identity analytics solution, this problem is solved by identifying and mapping all access rights, no matter the source.
- Compliance with security policies
The first hurdle to jump over in proving compliance for many companies is the one necessary to prove legitimate access rights based on the principles of least-privilege and need-to-know. Identity analytics removes those hurdles by providing a 360° view of identity access, including to whom it was granted, when, by whom and for what reason.
Identity Analytics: How easy is it to manage access?
It may seem that managing access is easy, but is it really? It is much more than a person or identity being assigned to an account or a group. Some of the questions that have to be considered when monitoring access are:
- Is this access justified from an organizational perspective?
- What level of access is needed (administrative, read-only, etc.)?
- Is access justified for this job and its functions?
- Is this access being used, and if so, how?
- And finally, who is responsible for what?
For this reason, it is obvious that the adoption of an identity analytics tool is necessary for covering the entire perimeter of the reach of access throughout an organization. In this way, the identity context is taken into account and accesses are thoroughly analyzed. These analyses help enterprises meet their overall objectives, especially with regards to security policies and cyber risk. The use of dashboards displaying KPIs, IT general controls and even anomalies and gaps is key within the functionality of the identity analytics solution. Its features allow for effective data and access management as well as reduced costs and diminished cyber risk. The illustration below gives a comprehensive understanding of why, in addition to enhancing an IAM project, identity analytics is no longer “nice-to-have” but a critically perceived “must-have.”
Identity Analytics helps with more than just IAM in the organization
Real-Life Customer Use Case
An end customer in the education sector was subjected to the Sarbanes-Oxley (SOX) financial regulations and needed to prove their compliance with it on a yearly basis. The background of the situation prior to utilizing an identity analytics solution looked like this:
- 12,000 relevant application end users for SOX purposes
- Approximately 200 high-privilege users
- Approximately 150 users with access to sensitive infrastructures hosting applications, databases and operating systems.
Some of the issues that they were facing and needed to correct included:
- Partial segregation of duties (SoD) results with many false positives
- Manual user access reviews which did not take into consideration segregation of duties
- Only 3 sensitive applications being monitored.
The diagram below shows how an identity analytics solution was able to, within less than 6 months, clarify the issues and pain points and propose actionable and satisfactory solutions that produced the results that the customer had long been seeking. The end results provided them with monitoring of high-privileged accounts, strength and demonstration of compliance during audit cycles and many more SoD controls. Additionally, automated user access reviews were performed based on business activities for more than 80 applications.
How Brainwave Identity Analytics Works?
Building a Strategy with Identity Analytics
It is best to start by considering three pillars of this strategy:
- Challenges: How do we address resilience, transformation and governance?
- Sources: Origin, format, content and availability? How are accesses currently managed?
- Resources: Who drives the program? Who is accountable? What do the business line managers think?
To determine the best strategy for your organization, here are a few examples of challenges faced by many and their proposed resolutions. By studying them, it will be easy to begin the thought process within your own company to see how much sense it makes to implement and incorporate an identity analytics program for your teams and players.
|#1||Challenge||Audit recommendations around access|
|Solution||Using a tactical approach, target a reduced perimeter to show how identity analytics quickly, efficiently and significantly solves the issues.|
|#2||Challenge||Cost optimization and maturity in a regulated industry|
|Solution||By putting the focus on user access reviews, improved performance and increased productivity can be demonstrated, gaining the support of the business teams who must do them.|
|#3||Challenge||A need for automation|
|Solution||It is easy to earn “quick wins” with identity analytics in the areas of data sanitization, role mining and “smart” access requests using any ticketing system available on the market.|
Identity Analytics Is an Essential Part of An Enterprise-wide Cyber Security Strategy
The objective of this article is to impress upon internal IT, security and business teams how using identity analytics is an essential part of an enterprise-wide cyber security strategy. In simple terms, it is the ability to give the right access to the right identity at the right time for the right reason. If all of this is in line, then the risk related to breaches and other fraudulent activities is greatly diminished.
By taking charge of how your organization looks at and monitors access to resources, it becomes easy to see who has access to what, to see if this access adheres to security policy guidelines, to check for and detect any gaps or anomalies, to remediate any issues that surface as well as to recommend the most effective access that follows the principles of least-privilege and need-to-know. Why not put your company’s collective mind at ease with an identity analytics solution that monitors identity and access across your enterprise? In the long run, you will be glad that you did.