According to the Verizon Data Breach Report, over 80% of breaches were due to stolen or misused credentials. This shows us that our access credentials are more valuable than ever, which means that being able to locate our high-risk access accounts has become more important than ever.
Do you know who has the administrative privileges to your key applications, networks, servers, or even email programs? When you are working in a small company with only a handful of employees, this information can be easily tracked. You probably only have a handful of applications as well, so manual mapping isn’t difficult.
However, if you are a business with 100+ users, manual recording becomes almost impossible. There are hundreds of thousands of access relationships active in a normal network; at the enterprise level you can be looking at trillions of access relationships. Keeping up with who has the keys to what is not merely improbable, it is impossible to control at any scale. This is where Identity and Access Management (IAM) solutions come in: they typically incorporate user provisioning, password management, policy management, access governance, and identity repositories in an often complex design.
While these solutions are extremely helpful in tracking your access relationships, in order to be able to spot your high risk accounts, you must add intelligence.
Intelligent IAM (IIAM) encompasses all the administrative processes used in Identity and Access Management (IAM), but the processes are influenced by real‐time data. IAM solutions that use intelligence continuously collect, monitor, and analyze large volumes of identity and access‐related information, combining data not only from provisioning and governance solutions but also from security products and other external systems.
What does this real-time data mean in your real world? Here are a few examples of how using actionable intelligence can help you find your most at-risk accounts:
1. The ability to compare access roles and peer groups: While there are exceptions to every rule, let’s be honest, most roles in your organization have the same needs when it comes to access. That being said, when you compare the 20 people in the role of ‘accountant’ and see that one account has markedly more privileged access, or access to more applications and programs, you can immediately investigate and/or shut down that account’s access in order to protect the data available to it.
2. Force micro-certifications for questionable activity: Speaking of questionable access, wouldn’t it be nice if your system automatically noticed when that one accountant asked for access to systems that they really had no business needing? With an intelligent IAM solution, you can force micro-certifications from a senior account when unusual access is requested.
3. Notifications and alerts to suspicious activity: I know, more alerts, but again, isn’t it easier to be automatically alerted to suspicious activity when it happens rather than months later during your audit? Oftentimes, a bad actor will enter your system through a seemingly innocuous system or application. It is something that everyone has access to, so nothing seems out of the ordinary until they move throughout your system, gaining access rights as they go. With IIAM you will be alerted to this activity before it can escalate.
4. Where are your orphaned accounts? Do you have summer interns in your company? What about consultants or contractors? When they finish their project or their internship runs out, do you have a system in place for deprovisioning them? With a traditional IAM system, you should be able to see this. But what if you forget? What if the interns leave while you’re on vacation and no one remembers to shut off their access? With intelligence, you can see where your orphaned accounts lie at any time. You can report on who hasn’t used their access in 30 days or whatever amount makes sense for your company.
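The peer-group comparison in point 1 and the inactivity report in point 4 can both be expressed as simple checks over an entitlement inventory. The script below is an added example written for this post, not code from any IAM product; the account records, role names, and entitlement labels are constructed sample data, and the "rare among peers" threshold and the 30-day idle window are assumptions you would tune for your organization.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta

# Constructed sample inventory: (user, role, entitlements, last_login).
# Not real accounts; "carol" holds privileges her accountant peers lack,
# and "dave" is an intern whose access was never deprovisioned.
ACCOUNTS = [
    ("alice", "accountant", {"erp", "email", "expenses"}, date(2024, 5, 28)),
    ("bob",   "accountant", {"erp", "email", "expenses"}, date(2024, 5, 30)),
    ("carol", "accountant", {"erp", "email", "expenses",
                             "domain-admin", "db-prod"}, date(2024, 5, 29)),
    ("dave",  "accountant", {"erp", "email"}, date(2024, 3, 1)),
    ("erin",  "engineer",   {"email", "git", "ci"}, date(2024, 5, 30)),
    ("frank", "engineer",   {"email", "git", "ci"}, date(2024, 5, 31)),
]


def peer_outliers(accounts, min_peer_share=0.5):
    """Return {user: entitlements} for entitlements held by fewer than
    min_peer_share of the user's same-role peers (the user excluded).
    min_peer_share is an assumed threshold, not a product setting."""
    by_role = defaultdict(list)
    for user, role, ents, _ in accounts:
        by_role[role].append((user, ents))
    findings = {}
    for members in by_role.values():
        if len(members) < 2:          # no peer group to compare against
            continue
        for user, ents in members:
            peers = [e for u, e in members if u != user]
            counts = Counter(e for peer_ents in peers for e in peer_ents)
            rare = {e for e in ents if counts[e] / len(peers) < min_peer_share}
            if rare:
                findings[user] = rare
    return findings


def orphaned(accounts, today, max_idle_days=30):
    """Return users whose last login is older than max_idle_days."""
    cutoff = today - timedelta(days=max_idle_days)
    return sorted(u for u, _, _, last in accounts if last < cutoff)


if __name__ == "__main__":
    print("peer outliers:", peer_outliers(ACCOUNTS))
    print("orphaned (30d):", orphaned(ACCOUNTS, date(2024, 6, 1)))
```

Each flagged account is a starting point for investigation or a micro-certification request, not an automatic shutdown; a legitimate exception (a lone accountant who also administers the ERP system) will show up here too.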
Are you using intelligence to enhance your IAM solution? Can you do the five things above?
Learn more about intelligent IAM in our eBook, Intelligent IAM for Dummies, and make continuous and comprehensive monitoring of your network a reality.