For some time, declarative, rules-based identity and access management(IAM) systems have been the primary means by which organisations have controlled identities, access and compliance.
Today's mobile workforce, coupled with business priorities have lead to a massive increase in the number of identities being managed and moreover, the access rights associated with that workforce. Clearly, there is a need to monitor access, ensuring that access rights are current and appropriate, and hence not representing a potential security threat.
In any corporate, the sheer scale of the task of monitoring access has assumed vast proportions, consuming time, resource and money.
Addressing this problem, Identity Analytics (IdA), provides a risk-based approach for managing identities and access provisioning. Instead of static rules, IdA uses dynamic risk scores and advanced analytics to derive key indicators for automating account provisioning, de-provisioning, authentication and privileged access management. IdA enables organisations to implement intelligent IAM that can keep pace with rapidly changing business.
IdA automates the detection of access risks, access outliers, excess access, shared high privileged access (HPA) accounts, as well as, orphan and dormant accounts. It reduces the attack surface area for identities by replacing roles defined using manual processes and legacy rules, with machine-learning-based intelligent roles.
Intelligent roles are algorithmically derived by harvesting and processing data from existing accounts and access activity based on dynamic peer groups to identify common role factors for each individual user or device.
IdA also replaces manual identity management processes, improves and often automates provisioning, and also scrubs identity as an access plane for compliance and audits. Managing identities traditionally involved an unwieldy manual process of visually reviewing spreadsheets filled with both granted access privileges and access events.
Clearly, this is a human-error-prone model. IdA instead uses machine learning to expose anomalous access and provides the opportunity to implement risk-based access certifications to reduce rubber-stamping. This ensures scarce human resources are only used in high risk access scenarios, while all others are automated.
Detecting IAM risks across on-premises, cloud and mobile enterprise applications is no longer feasible using traditional rules-based and manually intensive processes. IdA’s ability to apply machine learning analytics and risk scoring to massive volumes of identity data and access activity provides several benefits, including:
Partnered with Idax Software, we are perfectly positioned to integrate IdA into an IAM system and automate the tasks of managing access rights.
With the use of Idax Software we can address the following issues;
Access Review: Eliminate box-ticking during reviews
Access Control is now the front line in the fight against data breaches. The SELECT ALL> APPROVE approach often deployed by many managers faced with a growing mountain of anonymous access rights, is a far greater risk than it once was. Effective entitlement reviews are critical.
Integrated in to the heart of existing access review systems, the intelligence deliverd by Idax significantly improves the effectiveness of reviews by ranking employees according to their access risk. Only individuals with high-risk access are reviewed by managers. Using this intelligence, Idax has delivered reductions of up to 90% in entitlements sent for review, 65% in the number of managers doing reviews and cost savings of up to 40%.
Access Request: Instant approvals with added peace-of-mind
Idax supports improved employee productivity for both low and high risk access requests by providing the intelligence and context necessary for quicker decisions. Idax knows when access is low risk and informs the request system to allow instant approval. Where Idax deems access to be high-risk, it provides the request system with the additional context necessary to allow managers to make appropriate decisions quickly.
Access Clean-up: Bring focus and intelligence to your entitlement landscape
Whether your data is structured or unstructured, Idax can provide a single view of access rights from across the enterprise and in to the cloud. The risk intelligence output from Idax directs efforts to those individuals whose access requires the most urgent attention.
JML Process: Know which access to add and which to remove
JOINERIdax generates dynamic access templates from multiple entitlement sources giving joiners access to everything they need to have access to from day-one. No more cloning, no more asking managers, just the right access at the right time.
MOVERPeople accumulate access rights as they change roles within the same organization which can often then be cloned for joiners in the same role. Idax automatically suggests which access rights to add and remove when attributes such as ‘role’, ‘department’ or ‘location’ change.
LEAVERIdax not only highlights orphaned accounts but also suggests who the previous owner might have been to allow fast remedial action. Idax’s fuzzy matching algorithm almost entirely removes inaccuracies in this process.
Role Mining: Role Based Access Control made easy
Implementing Role Based Access Control (RBAC) is challenging. Roles proliferate almost as fast as their component access requirements change and attempts to find a good fit for each employee often creates almost as many roles as there are employees. Essentially that would be Employee Based Access Control (EPAC) and that’s just ‘wrong’.
Idax has intelligent algorithms which continuously mine access data to dynamically define ideal roles. Our advanced grouping algorithms can then group users into the correct roles, based only on current patterns of access.
Using this methodology, Idax is able to addresses questions asked of any RBAC implementation: How many roles do we need? What access should each role have? Who goes in which role? Answering these questions takes Idax just hours but without Idax, projects can be extremely expensive and take months or even years. Most fail completely.
Idax was recently engaged by a leading Asset Management company looking to implement RBAC as part of a new solution from a leading IAM vendor. The client had originally allocated 6 weeks for role-mining and had anticipated talking to each individual manager across the business to understand what constitutes the correct access for each role. Using Idax they were able to complete the work in only 3 days and without disturbing managers.
We will explain how Idax software can help you reduce risk and safe time and effort.
Please complete the form below, and we will get back to you within one business day;