IT security’s advent: the “identity” concept as key factor
Digital transformation has changed and is changing more and more business processes, job positions as well as many companies’ core activities. In consequence, it has implied a change in the way we mitigate risks.
Risk mitigation has existed long before digital transformation but it mainly relied before on manual processes, spreading risk management across departments – thus relying on silos – and on analyses over samplings. But this risk management is no longer possible with today’s world digital transformation, which often goes too fast for companies to properly adapt to new risks, especially IT risks. They most often have no visibility on what is key: their users’ access rights to their information system, user behaviors as well as existing security breaches.
Financial costs of IT security risks, whether it be data thefts or internal frauds, are continuously rising. According to a 2016 Ponemon Institute study, data leakage costs have risen 30% between 2013 and 2016 in the 12 countries of this survey. Companies are paying at a high cost the rise of cyber risks but what about their investments to prevent these threats and mitigate these risks?
Organizations need to ensure efficient and continuous risk mitigation and detection. They need to know the risks threatening them, including the humpan error risk which is constantly underestimated even though it was the source of 1 out of 4 data breaches in 2016 (2016 Ponemon study).
Companies are becoming more conscious of cyber risks and the need to reduce them through the IT vector but many doubt their capacity to really identify who accessed their sensitive data and applications. Indeed, the main stakes are here: knowing who has access to wgat and who accessed what in your information system. This is about cyber resilience: ensuring both cyber security along with productivity and innovation for companies.
Becoming cyber resilient means focusing on identites, that is individuals. It is both through individuals that secured digital transformation projects can unfold and that the cyber attacks happen. Risk analysis, detection and mitigation need to be built around this identity concept and that is what Identity Analytics is all about.
The rise of Identity Analytics
Digital opportunities should not make you forget that significant risks are generally atatched to them. Let’s take the classic icerberg methaphor. The emerged part of it represents known and visible digital and cyber risks today: ransomwares, virus, etc. But these risks aren’t the most important or threatening. The risks underwater, invisible for most of us, are the most threatening and frequent ones for organizations. You need to target these first and foremost.
With Identity Analytics you are able to answer the question “what resources can these users access, how and how are they using these access rights?” and this is what matters to ensure a secured business environment. It is about conducting in-depth analytics within a contextualized environment, with HR and technical data reconciled. Audit and internal control tasks as well as proper analyses, access reviews and clear reporting processes are at last possible in one unique platform centered on the identity concept.
Regarding digital transformation and cyber security, the notion of identity crystallizes opportunites, threats and solutions all in one. It is the key concept companies need to understand fully and implement.
With Identity Analytics, companies can more easily mobilize their resources and think in a transversal way, beyond silos, to achieve both business development and efficient risk management. All actors, internal actors and third parties, need to engage in this process. This collaboration and communication between actors is all the more important as cyber incidents are hard to detect and it takes several months, almost a year, as an average for companies to detect a breach or suspicious activities. Organizations need to pay attention to unusual user behaviors for example but most of them do not have the maturity and the resources to do so.
Identity Analytics has developped over the last 10 years and is continuing its rise as companies realize worldwide that traditional cyber security methods and tools are no longer adapted and can even become harmful by exposing them to risks they cannot detect and prevent.
Identity Analytics is still misunderstood or rather unknown but this is changing. Meanwhile, significant cyber security actors have tried to hijack the Identity Analytics term and use it for other meanings and cyber security specific features such as SIEM for example. Identity Analytics isn’t about real time detection but about enabling you to better analyze risks, prevent threats and ensure compliance by focusing on your key asset and threat: indentities.
With Brainwave GRC, its Identity Analytics solution includes advanced in-depth analytics, machine-learning and workflows to reduce access-related risks and ensure continuous compliance for all organizations.