- New RSA® Technology Brief addresses how traditional Identity and Access Management (IAM) systems must evolve to stay relevant in today’s hyper-extended IT environments
- RSA’s vision, known as Adaptive IAM, morphs traditional static IAM into a system that is agile, intelligent and scalable and patrols a “situational perimeter” to help organizations dynamically protect access to valuable corporate resources and sensitive data
BEDFORD, MASS, MAY 13, 2013 - RSA, The Security Division of EMC® (NYSE: EMC), today released a new RSA® Technology Brief urging IT organizations to modernize their thinking and approach toward Identity and Access Management (IAM). In the Brief, “Adaptive IAM: Defending the Borderless Enterprise,” RSA outlines why IAM systems are on the front lines of defense against cyber attacks and how traditional solutions must be reinvented to keep up with the demands of the enterprise and the reality of today’s threat environment.
The task of ensuring that the right users get access to appropriate company resources has traditionally been the realm of IAM solutions. While IAM is attracting renewed interest as a way to further secure today’s increasingly hyper-extended and borderless enterprise, traditional IAM solutions must evolve to support the growing number of users, partners and cloud services that are accessing corporate resources from endpoint devices and applications that often fall outside the direct control of enterprise IT departments.
RSA’s Technology Brief introduces the concept of Adaptive IAM, which over the next few years will transform traditional IAM systems into more dynamic, agile, intelligent and risk-aware systems. With corporate identities under siege, a single successful login is no longer a sufficient way to attain trust. The level of security needs to adjust based on each transaction, the parties involved and the value of the data assets at play. Adaptive IAM will patrol a situational perimeter that will enforce security whenever and wherever users interact with corporate data and resources.
Adaptive IAM is defined by four emerging capabilities:
- Rich user profiles are used to compare real-time user activities and behaviors against a historical baseline, with significant deviations from “normal” behavior signaling security problems.
- Big Data analytics are applied to massive data sets to assess risks and to distinguish good behavior from bad.
- Monitoring and risk-based intervention keeps track of what users do after initial authentication and adjusts access controlsto measured risk levels. Users are interrupted with additional authentication requirements when unsafe activities are detected.
- Consumer-level convenience means identity controls and risk assessments must occur behind the scenes, imposing upon corporate end users only when necessary.
To help customers advance their migration to more Adaptive IAM, RSA also announced today several product integrations:
- Rich User Profile: RSA’s market-leading risk-based engine, delivered in the recently launched RSA® Authentication Manager 8 software as well as in RSA® Adaptive Authentication software, is designed to transparently absorb information from a variety of device, user and environmental factors to determine normal user behavior. To make even more secure authentication and authorization decisions, the latest version of RSA® Adaptive Directory 6.1 software is engineered to allow organizations to aggregate and centrally manage identity information across both on-premise identity data stores as well as cloud applications to create rich user profiles.
- Real-time Analytics Assess Risk and Integrate with Risk-based Access Controls: Deeper integration between RSA® Access Manager 6.2 software, RSA Adaptive Authentication software and RSA Authentication Manager 8 software help customers blend risk analytics with stronger authentication and access controls.
- Convenience: Updated releases oftheRSA® Adaptive Federation 1.5 software-as-a service as well as on-premise RSA® Federated Identity Manager software enables seamless single-sign-on to cloud-based applications.
Next-generation IAM systems will build a unified view of user identities, scale to the growing numbers of users coming from cloud and mobile platforms, and provide better detection of fraudulent and malicious attempts to access corporate resources – all with minimal disruption to legitimate user activity. RSA predicts Adaptive IAM technology will be a core component of intelligence-driven security programs in the future, helping organizations protect valuable enterprise information and identities across a blend of trusted and untrusted IT infrastructures.
Michael Suby, Stratecast Vice President, Research, Frost & Sullivan
“Advanced threats and disruptive technologies like cloud and mobile are pioneering a new normal for the security industry. The simple combination of the user name and password is not sufficient to prove digital identities anymore – yet deploying additional security measures can mean increasing budgets and decreasing end-user convenience. Adaptive IAM is an interesting concept as it is both agile and risk-aware. By more effectively measuring the risks of each transaction, organizations can establish trusted identities with more confidence and less sacrifice – something the IAM market has sought for a long time.”
RSA EXECUTIVE QUOTES:
Sam Curry, Vice President, Product Strategy & Data Protection
“The time for the industry to evolve is now. Customers are expressing discontent with the inability of traditional IAM systems to keep up with the pace of change as users adopt cloud and mobile technologies at an ever-faster rate. The key is to maintain protection over identity, access and data and to dynamically adjust the level of security to changing risk levels as users travel to remote locations, enter through untrusted networks or access cloud and web-based applications.”
- Download RSA’s Technology Brief “Adaptive IAM: Defending the Borderless Enterprise”
- Learn more about RSA Identity and Access Management
- Speaking of Security Blog: Adaptive IAM: On the Front Lines of Cyber Security
- Visit RSA Thought Leadership library
- Learn more about Trusted IT from EMC
- Connect with RSA via Twitter, Facebook, YouTube, LinkedIn and the RSA Speaking of Security Blog
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading GRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.EMC.com/RSA.
EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect and analyze their most valuable asset — information — in a more agile, trusted and cost-efficient way. Additional information about EMC can be found at www.RSA.com.