In cybersecurity, identity is critical. And with identity, you absolutely, positively must know the answers to two key questions:
- Are users really who they say they are?
- Who are the users on your system and what do they have access to?
Security companies have been working to get the answers to these two questions for decades. Although answering those questions at scale may not be easy, it was easier when everyone was working from the same site (or at least behind the same firewall). But today, users could be working from just about anywhere. They might be working from home, an office, their car, a coffee shop, or an airport. They may need access to applications and resources located in the cloud, across multiple clouds, or at an office or data center.
Trying to secure, govern, and manage users across multiple networks and access ecosystems can be complicated. But no matter where users may be physically located and what they are trying to access, you still need answers.
Are users who they say they are?
The goal of identity and access management (IAM) is to answer the first question. Organizations use IAM solutions to grant or deny access to their systems by authenticating users and authorizing them to use resources. Most people are familiar with the public side of IAM. If you log onto a work computer, you may use some form of multi-factor authentication (MFA) to prove you really are who you say you are.
Obviously IAM is important. But knowing what happens once a user has access to the network is also critical. Getting the answer to the second question, “what can this user access?”, is how security teams track users once they’ve gained access. Determining what is and is not off limits can be difficult because of the rapid expansion of software-as-a-service (SaaS) applications, multi-cloud infrastructures, Internet of Things (IoT) devices, and various third-party relationships.
In a complex network environment, it can be challenging for identity managers to get a complete picture of the resources each user can access. This lack of visibility also makes it harder for them to pinpoint and prioritize identity risks and ensure compliance with internal and external security and privacy requirements.
Who is on the system and what can they access?
Identity governance and administration (IGA) solutions are designed to give your security and IT teams visibility into the identities and access privileges of users, so you have greater visibility and can better manage who has access to what systems, when they should have access, and what they can do with that access. Being able to see across both cloud and on-premises environments makes it possible to address risky access situations and ensure regulatory compliance.
An IGA platform is made up of four critical areas:
- Identity governance helps you determine who has access to what. You can manage high-risk users, roles, and applications.
- Identity lifecycle is all about the user lifecycle, so you can determine how they got access, when they joined, how their access changes when they move between roles, and how their access ends when they leave. A good lifecycle management solution should allow you to automate requests, approvals, provisioning, and fulfillment. Lifecycle solutions can also enforce policies and detect unauthorized changes.
- Data access governance gives you visibility into unstructured data so you can determine who has access. You can quickly detect problematic access and remediate issues.
- Business role management establishes roles and their policies, and automates role certification.
The misuse or compromise of identity is a serious threat. But having a single centralized view of who has access to what and where makes it possible to detect problems and risks before they turn into something far worse. IG&L solutions can help organizations comply with security and privacy regulations and requirements such as Sarbanes Oxley (SOX), Health Insurance Portability and Accountability Act (HIPAA), and General Data Protection Regulation (GDPR).
IGA solutions also can lower costs by reducing labor-intensive processes like access certifications, access requests, password management, and provisioning, which all can have a significant impact on your IT team’s operational costs.
Moving from reactive to proactive
Using IGA tools can help organizations ensure employees aren’t granted too much access. By having only the least amount of privilege necessary to do their job, a compromised employee account won’t be able to move laterally through an environment or expand its access as easily. Least privilege is one of the tenets of the zero-trust security model, so removing over-entitlements takes you one step farther down the road on your zero-trust journey.
With the drastic changes in the volume of transactions, social brokering of identity, on-demand access, and the expansion in the types of users, the next step is for security to answer a third question:
Who should have access to what?
Putting this into the context of governance, asking who should have access has the potential to move IGA from reactive to proactive, so security teams can focus on preventative activities as opposed to forensic ones.
The cybersecurity industry is leveraging more artificial intelligence (AI) and machine learning (ML), and this technology can be applied to identity governance. For example, IGA currently uses analytics and contextual information to determine different access classes and privileges, how widely resources are being used, and their criticality or risk levels. Categorizing access using risk weights and internal standards helps reviewers focus on the access that has the greatest impact on the organization; it draws their attention to what they must address immediately.
IGA can benefit from AI and ML in these areas:
- Providing context to a reviewer regarding previously revoked access. In other words, a user had access to something, but in the last review it was taken away because the user shouldn’t have it, but then it was granted again. Is that shadow IT activity? Is it something the user needs sporadically or periodically to accomplish a task?
- Risk scoring. AI and ML can be used to help calculate risk for specific entitlements and the actions they permit, such as Read, Write, Update, Move, Delete, and Add. AI can be used to act or notify proactively when access is granted beyond prescribed controls, or even to examine the contents of roles and groups and then proactively suggest access for certain people based on title, function, the user’s current risk or criticality score, or inclusion in existing roles, in order to reduce role sprawl.
- Application onboarding. AI and ML can be used to provide information about specific attributes, denotations, and owner information that must be embedded into controls before an application is launched or placed into service. An understanding of the service, its users, its data risk, its use restrictions, and the regulations that apply to it can be used to apply the appropriate policies, rules, and control objectives automatically.
- On-demand provisioning. AI and ML are used to follow entitlement usage trends, service control portfolios, the catalogue of available services or entitlements, and user behaviors, together with the user’s function, title, and previous entitlement use history, to provision access as it is needed so the user becomes more efficient. As the system learns what a user needs next, it can remove inappropriate entitlements and bypass the request and changeset process on the strength of that combined information.
- Risk avoidance. AI and ML can learn from the activities logged by a security information and event management (SIEM) system or session manager. The system could then kill a user session or even suspend the user’s access points (accounts) based on activity and by comparing it to other variables.
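The two reviewer aids described above, context on access that was revoked and later re-granted and risk-weighted prioritization of entitlements by resource criticality and permitted action, can be illustrated with a small worked example. This is added example code, not RSA's, and the action weights, certification events, and entitlements are constructed for the illustration.

```python
"""Added example (not RSA code): two access-review checks from the text,
run over constructed sample data. All names and weights are assumptions."""
from collections import defaultdict

# Assumed risk weights per action: Read is least risky, Delete the most.
ACTION_WEIGHT = {"Read": 1, "Write": 3, "Update": 3, "Move": 4, "Delete": 6, "Add": 3}

# Constructed certification history: (review_cycle, user, resource, decision).
EVENTS = [
    (1, "alice", "payroll-db", "granted"),
    (2, "alice", "payroll-db", "revoked"),
    (3, "alice", "payroll-db", "granted"),   # re-granted after a revocation
    (1, "bob", "crm", "granted"),
    (2, "bob", "crm", "granted"),
]

# Constructed current entitlements: user -> {resource: (criticality, actions)}.
ENTITLEMENTS = {
    "alice": {"payroll-db": (5, ["Read", "Delete"]), "wiki": (1, ["Read", "Write"])},
    "bob": {"crm": (3, ["Read", "Update"])},
}


def regranted_after_revocation(events):
    """Return {(user, resource): cycle_of_last_revoke} for access that was
    revoked in an earlier review and granted again in a later one."""
    history = defaultdict(list)
    for cycle, user, resource, decision in sorted(events):
        history[(user, resource)].append((cycle, decision))
    flagged = {}
    for key, decisions in history.items():
        last_revoke = None
        for cycle, decision in decisions:
            if decision == "revoked":
                last_revoke = cycle
            elif decision == "granted" and last_revoke is not None and cycle > last_revoke:
                flagged[key] = last_revoke      # reviewer should see this context
    return flagged


def entitlement_risk(criticality, actions):
    """Risk = resource criticality x the highest-impact action the entitlement allows."""
    return criticality * max(ACTION_WEIGHT[a] for a in actions)


def prioritised_review(entitlements):
    """Return (user, resource, score) rows, highest risk first, for the reviewer."""
    rows = [(u, r, entitlement_risk(c, a))
            for u, res in entitlements.items() for r, (c, a) in res.items()]
    return sorted(rows, key=lambda row: -row[2])
```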
When you take advantage of AI and ML in all these areas, you can finally achieve an autonomous continuous compliance model, or at least get close to it.
Security begins with identity
RSA has decades of experience and mature solutions for both IAM and IGA. Our wide portfolio of authenticators, integrations, and offline authentication options provides the security you need whenever and wherever you need it. Our IAM solutions take advantage of behavioral analytics, business context, and threat intelligence to draw a comprehensive picture of the user and create real-time risk scoring associated with their access.
RSA Identity Governance & Lifecycle delivers continuous access assurance for organizations to ensure their users have the proper level of access to systems, data, and applications. It provides visibility across islands of identity in blended cloud and on-premises environments. This automated identity governance and compliance platform provides simplified access governance and streamlined user lifecycle management in a business-friendly user interface. Unlike other solutions, the RSA platform provides visibility at the lowest level of access to detect compliance violations and inappropriate access and to quantify identity risk in the organization. Sophisticated risk analytics then prioritize access remediation and actions for the business to reduce identity risk.
By pairing identity governance with advanced analytics, RSA helps your security team understand the relative risks posed by different access issues and prioritize them for action.
Learn more about RSA identity solutions at RSA.com/products