Business and security professionals are becoming increasingly aware of the potential threats of cyberattacks, writes Mat Ludlam, Regional VP, EMEA at the identity management product company Courion Corporation.
In fact, recent findings from a UK-based risk management company survey found 65 percent of business decision makers expect to suffer an information security breach – at an average cost of nearly $1m and a recovery time of two months. The survey of 1000 non-IT business decision makers in organisations in the UK, US, Germany, France, Sweden, Norway and Switzerland show how recent high profile data breaches are impacting companies around the world. With this rising concern as a backdrop, organisations and government entities need to explore and use various security measures, including Intelligent Identity and Access Management or IIAM.
Identity and access management systems provide the capability to create and manage user accounts, roles, and access rights for individual users in organisations. They typically incorporate user provisioning, password management, policy management, access governance, and identity repositories in an often complex design. By connecting with an organisation’s applications and collecting information, Intelligent Identity and Access Management solutions continuously monitor information about identities and collect data related to resources (including applications, databases, and files), access rights, access policies, and user activities such as creating accounts and logging on to applications. In other cases, a specific action should be triggered, such as a micro-certification, or even automatic remediation. In all cases, the solution should provide notification of a possible violation or issue and, more importantly, provide recommended actions to make it easier to address the situation. For these reasons, the solution can also improve security analysis and risk management.
An Intelligent IAM solution can pinpoint trouble spots, weak points, and quickly answer key questions such as the following:
•Which accounts have the most privileged entitlements and have not reset a password in hundreds of days?
•Which individuals have the highest number of access rights when compared to peers?
•Which business units have the most orphan accounts?
An Intelligent IAM solution also can provide answers to questions in seconds, helping security and IAM analysts:
•Quickly detect potential indicators of attacks and security breaches (for example, a user account receives privileged access directly to a target application)
•Focus efforts on high-risk situations (for example, accounts with many privileged entitlements that haven’t reset their passwords in more than 90 days
An Intelligent Identity & Access Management solution can correlate data to compare users with others in the same role, or with any individual in the organisation who might provide a useful benchmark. Analysts, business managers, and resource owners can answer questions like, “Does John Smith have more access rights than other financial analysts?” and “How do the access rights available to John Smith compare with those of Jane Jones and William Brown?”
These comparisons are extremely useful for assessing new access requests from individuals, for identifying excessive rights that accumulate when people move through different positions, and for highlighting outliers that may indicate a process problem or a misbehaving user.
With an intelligent IAM solution, you can investigate and analyze high-risk individuals, groups, and situations, as well as compliance violations. This process makes it easier to answer questions like:
•Are there domain administrator accounts whose passwords have never been changed?
•Which non-sales systems has this sales person been accessing?
•Is anybody accessing patient medical information without a genuine “need to know”?
•Which accounts with at least five entitlements have not been used in more than 30 days?
•Does this account have a suspicious number of privileged entitlements?
•Should part-time employees receive all the access rights they are routinely granted?
•Do contractors continue to access resources after their projects end?
•Are system administrators routinely assigned rights they don’t need to perform their jobs?
•Does this business unit have an abnormal number of accounts with unnecessary entitlements (that is, access rights that have never been used)?
Because providing IAM is a huge task, organisations are likely to face many challenges when implementing. Business leaders may be asked to confirm the accounts in your IAM system and the access rights for each, which can be daunting and difficult. Unfortunately, the environments that IAM systems support are often subject to both purposeful attacks and inadvertent permission creep due to changing roles and rights within your organisation. In many organizations, periodic reviews of accounts and permissions and manual remediation tasks that try to fix them are the only way to manage rights issues.
