Using data and analytics in identity governance
As organizations have returned to workplace environments and are now operating in today’s new normal, they may inevitably need to continue enhancing business value while keeping spending in check. While the pandemic-driven pivot toward digitization may have spared immediate scrutiny over cyber security spending, the urgency for IT and cyber leaders to demonstrate return on investments and justify spending on identity solutions will likely remain high.
Identity management and governance are mature functions in many sizable organizations where significant resources and money have been committed to ‘keeping the lights on.’ As long as nominal operational and compliance requirements are met, there’s little incentive to spend more unless management is able to understand stronger business and risk drivers. But when organizations do embark on identity and access management (IAM) initiatives, many fail to deliver on business objectives. They haven’t been able to prioritize risk mitigation outcomes when early stages of IAM projects are typically focused on onboarding and connectivity issues.
Risk management and compliance are usually the most compelling business drivers for IAM spending. This is especially true in highly regulated industries like financial services, healthcare and telecommunications. But the return on investment is often difficult to quantify. Typical metrics from a risk and operational efficiency perspective include:
- The number of at-risk accounts cleaned and number of potential breaches avoided
- The reduction in help desk tickets for account management requests
- The number of requests and time needed to complete access requests
As the global evolution to digital economies accelerates, identity management and governance solutions should keep pace. It’s not enough to simply replace access reviews done via manual form filling exercises with online quarterly exercises. It’s now crucial to demonstrate even more value to the business. The components required for a modern, data-driven identity model include anomaly detection, machine learning and supervised learning — and this is where data analytics is going to be key.
Data analytics is a game changer to manage identity and access risks
Analytics has enabled many organizations to gain timely and invaluable insights from their business data. These insights can help identify more efficient ways to run the business and enable more informed decision making, ultimately resulting in enhanced service, reduced costs and greater customer satisfaction. The same can be said when applying analytics to identity governance to manage risks associated with identity and access management. It provides an opportunity to ‘shift security left’ and quickly detect high-risk events, prevent potential breaches, increase operational efficiency and reduce costs. Data analytics can be applied to identity governance in several ways, including:
- Anomaly detection in identity-related data: Identity analytics can be used to evaluate and identify risky behaviors based on deep insights from identity-related data, such as access requests, entitlement changes, user employment status and more. Both supervised and unsupervised machine-learning approaches may be used. For example, supervised machine-learning models can analyze user-access behaviors and detect unusual activities such as the use of different modes of authentication or logging in from an unexpected IP address. Meanwhile, unsupervised techniques using anomaly detection models can determine outlier behavior based on the norm. Once risky events are identified, they can be mitigated by cleaning up excessive rights, investigating outliers or removing incorrect entitlements from users. Other techniques to identify outliers include clustering using network analytics, network graphs, peer group analysis and common roles analysis.
- Account monitoring and policy violation detection: Account monitoring is another use case, covering typical identity management blind spots and policy violations such as orphan/dormant accounts and accounts with excessive or unused entitlements. As new activity data from IAM solutions are generated and fed into machine-learning engines, enhanced models can be built to match the dynamic changes and better predict and identify new outliers.
- Analytics in identity certification campaigns: Identity analytics solutions have also progressed to support a continuous compliance mandate through risk-based micro-certification campaigns. Additionally, by embedding analytics functions into the identity lifecycle workflow (during access requests, approvals, certification campaigns, etc.), organizations gain insights into the types of applications and devices involved, as well as risk-scoring calculations, which enable reviewers and approvers to make informed and accurate decisions at pace.
- Automated access rights and roles provision: A welcome development will be the deployment of AI-driven analytics to recommend access rights and roles for users automatically, much like recommender systems being used by digital commerce platforms to recommend products and services based on previous customer purchases and products viewed. For example, if a user has exhibited patterns that don’t require all rights granted for their current role, the system may be configured to recommend that the user’s role be changed to one with fewer privileges. This should minimize the risks of users having access to systems and data they shouldn’t be able to access.
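As an added illustration (not code from the original article), the sketch below applies two of the checks named in the list above to a constructed account inventory: peer group analysis to surface entitlements that are rare within a department, and account monitoring to flag orphan and dormant accounts. The account data, the HR feed, the 25% peer-share threshold and the 90-day dormancy window are all assumptions chosen for the example.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample data (not from the article): owner, department, last login, entitlements.
ACCOUNTS = [
    ("alice", "finance", date(2024, 5, 30), {"gl_read", "gl_post", "ap_approve"}),
    ("bob",   "finance", date(2024, 5, 28), {"gl_read", "gl_post"}),
    ("carol", "finance", date(2024, 5, 29), {"gl_read", "gl_post", "prod_db_admin"}),
    ("dave",  "finance", date(2024, 1, 10), {"gl_read", "gl_post"}),
    ("erin",  "finance", date(2024, 5, 31), {"gl_read", "gl_post", "ap_approve"}),
    ("frank", "finance", date(2024, 5, 20), {"gl_read"}),
]
HR_ACTIVE = {"alice", "bob", "carol", "dave", "erin"}  # constructed HR feed of current staff
TODAY = date(2024, 6, 1)


def peer_outliers(accounts, min_share=0.25):
    """Flag entitlements held by less than min_share of the holder's peer group."""
    groups = defaultdict(list)
    for owner, dept, _, ents in accounts:
        groups[dept].append((owner, ents))
    findings = []
    for members in groups.values():
        held = Counter(e for _, ents in members for e in ents)
        for owner, ents in members:
            for ent in ents:
                share = held[ent] / len(members)
                if share < min_share:
                    findings.append((owner, ent, round(share, 2)))
    return sorted(findings)


def lifecycle_flags(accounts, hr_active, today, dormant_days=90):
    """Flag orphan accounts (no active owner in HR) and dormant accounts (no recent login)."""
    flags = {}
    for owner, _, last_login, _ in accounts:
        reasons = []
        if owner not in hr_active:
            reasons.append("orphan")
        if (today - last_login).days > dormant_days:
            reasons.append("dormant")
        if reasons:
            flags[owner] = reasons
    return flags


if __name__ == "__main__":
    print(peer_outliers(ACCOUNTS))
    print(lifecycle_flags(ACCOUNTS, HR_ACTIVE, TODAY))
```

Findings from either function are candidates for reviewer attention in a certification campaign, not automatic revocations; the thresholds would need tuning against real peer group sizes.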
Improve operational efficiency with AI-driven identity governance
There’s another compelling narrative for why data analytics and AI-driven automation are the future of identity governance. With the short supply of skilled and qualified professionals in security, combined with increasing cost pressures, chief information security officers are being asked to do more with less. As identity management lifecycle tasks such as access requests and certifications can be repetitive and error-prone, they’re perfect candidates for automation of high-confidence and low-risk decisions. Beware, however: success depends on the ability to detect and classify low-, medium- and high-risk user-access patterns across the entire enterprise.
Whether implemented to reduce risk, increase operational efficiency or meet growing cost pressures, these techniques can be highly effective. Automation and analytics will likely give identity governance teams more time and resources to manage complex decisions and activities while reducing errors and fatigue in more mundane IAM tasks. At the same time, the risk of data breaches will be reduced. Organizations should be able to accelerate their certification campaigns with the confidence that they aren’t exposing themselves to more risk.
The next evolution will see analytics transform identity governance further — from a reactive function to a pre-emptive endeavor, where powerful predictive solutions with access to enterprise data become even more autonomous and make proactive decisions before risks materialize.
While data analytics is not a panacea for all the challenges that identity management solutions are faced with, it’s a strong enabler to do more and better with less. The perimeters of enterprise IT are being made redundant amid the need to support employees working from home, expanding partner ecosystems that require access to organizational data, and the relentless shift of IT infrastructure to the cloud. Identity management has become the bedrock to maintaining a secure workspace, so automation and data are critical to effective management of the identity lifecycle and associated risks.
While identity management projects can be big investments with long timelines, data analytics should be leveraged to manage security risks around identity and access management quickly and deliver a return on investment early.