If you are reading this blog, you most likely understand the benefits of adding identity and access management (IAM) solutions to your business. However, what if you could make that solution better, faster, and help you become proactive instead of reactive? You can! Just add intelligence. Adding intelligence to your IAM solution can turn complex data into actionable information and find trouble spots, as well as high risk areas. It can compare across roles and with peers, as well as investigate high-risk individuals, groups, and situations.
By connecting with an organization’s applications and collecting information, IAM solutions continuously monitor information about identities and collect data related to resources (including applications, databases, and files), access rights, access policies, and user activities such as creating accounts and logging on to applications. This information, which may amount to gigabytes or terabytes of data, is organized in a data warehouse, as seen in Figure 1. Identity and Access Intelligence (IAI) is applied and analyzes the identity and access data using advanced analytic tools to perform data mining, statistical analysis, data visualization, and predictive analytics. These data analysis tools aren’t generic. They draw on IAM specific policies, rules, and risk indicators to provide information of immediate value to IAM administrators, analysts, compliance officers, and incident responders. An Intelligent IAM solution provides the following:
- Reports and graphics showing IAM activities and risk factors
- Notifications and alerts about policy violations and suspicious event Can we show alert screen?
- “Micro-certifications” triggered by questionable activities and events
- Automatic remediation , such as removing entitlements and disabling administrator accounts obtained without approval
- Risk scores that can be shared with provisioning systems and other applications (for example, a score that can be used to determine if special approvals are needed for a provisioning request)
- Ad-hoc reports and analyses, created by analysts to explore specific issues and risks
These capabilities allow Intelligent IAM solutions to help organizations overcome the governance gap, the complexity gap, and the context gap.
Rapid Response: Turn Complex Data into Actionable Information
An Intelligent IAM solution should not only be able to monitor key data continuously, but also it should provide a flexible range of options for rapid response and remediation. In most cases, the appropriate option is a notification or alert to a staff member who can investigate and determine whether or not the alert represents an issue that requires follow-up. In other cases, a specific action should be triggered, such as a micro-certification, or even automatic remediation. In all cases, the solution should not only provide notification of a possible violation or issue, but also it should provide related data, and if possible recommended actions to make it easier to address the situation. The solution can also improve security analysis and risk management.
Finding Trouble Spots and High Risk Areas
An Intelligent IAM solution can pinpoint trouble spots, weak points, and quickly answer key questions such as the following:
- Which accounts have the most privileged entitlements and haven’t reset a password in hundreds of days?
- Which individuals have the highest number of access rights when compared to peers?
- Which business units have the most orphan accounts?
An Intelligent IAM solution can provide answers to questions in seconds, helping security and IAM analysts to:
- Quickly detect potential indicators of attacks and security breaches (for example, a user account receives privileged access directly to a target application)
- Focus their efforts on high-risk situations (f or example, accounts with many privileged entitlements that haven’t reset their passwords in over 90 days -check out Figure 2-3)
Comparisons across Roles and with Peers
An IAM solution can correlate data to compare users with others in the same role, or with any individual in the organization who might provide a useful benchmark. Analysts, business managers, and resource owners can answer questions like “Does John Smith have more access rights than other financial analysts?” and “How do the access rights available to John Smith compare with those of Jane Jones and William Brown?” These comparisons are extremely useful for assessing new access requests from individuals, for identifying excessive rights that accumulate when people move through different positions, and for highlighting outliers that may indicate a process problem or a misbehaving user. Comparisons with peers also have the advantage of giving enterprises a way to identify elevated access (and risk) with out the expense of a major initiative to define and manage roles.
Investigating High-Risk Individuals, Groups, and Situations
With an intelligent IAM solution, you can investigate and analyze high-risk individuals, groups, and situations, as well as compliance violations. This process makes it easier to answer questions like the following:
- Are there domain administrator accounts whose pass words have never been changed?
- Which non-sales systems has this salesperson been accessing?
- Is anybody accessing patient medical information with out a genuine “need to know”?
- Which accounts with at least five entitlements haven’t been used in more than 30 days?
- Does this account have a suspicious number of privileged entitlements?
- Should part-time employees receive all the access rights they are routinely granted?
- Do contractors continue to access resources after their projects end?
- Are system administrators routinely assigned rights they don’t need to perform their jobs?
- Does this business unit have an abnormal number of accounts with unnecessary entitlements (that is, access rights that have never been used)?
Can your Identity and Access Management solution do all of this? With Access Insight 9.0 it can! Access Insight 9.0 is Courion’s newest intelligence tool works with Courion’s IAM solution, another vendor’s or even when no IAM solution is present to help you make sense of your complex access relationships. Want more information on how intelligence improves IAM?Download our eBook “Intelligent IAM for Dummies” or schedule a demo of Access Insight 9.0 for your organization and learn how you can get the most out of your complex data.