
Mitigating identity-related risks: The complete package or a one-man show?

05 Jul 2017

IT security continues to be a key concern for organisations in Asia Pacific. According to an IDC report, a significant number of organisations within the region are operating at the lowest states of IT Security readiness. As such, Identity and Access Management (IAM) is an essential tool to strengthen security and mitigate risk.

In the world of traditional IAM, two-factor authentication, single sign-on, provisioning, governance and privileged management are just some of the related disciplines. More recently, buzzwords like “analytics” have begun to spread into the realm of IAM, giving rise to “Identity Analytics.” Like most emerging technologies, the term “Identity Analytics” is often misunderstood and misconstrued. Organisations really need to take a step back, look at the different areas of identity analytics, why they might need them, and which will bring the most value.

The question then arises, when it comes to reducing risk before an issue occurs, do organisations need the unequivocal strength of The Avengers or could they hedge their bets on just Iron Man?

Analytics is the practice of pinpointing key information residing in large amounts of data to provide visibility and comparison that can often predict what might happen next. IAM solutions have been primarily focussed on the area of Behaviour Analytics – i.e., looking at what type of behaviour occurred and the reasoning behind this behaviour. However, they should also be focussed on Identity Analytics and reducing risk before bad behaviour impacts the business.

Behaviour Analytics (Iron Man)

Known also as User Behaviour Analytics (UBA), Behaviour Analytics is the practice of gathering information and data based on the user’s behaviour. Once supplied with this information, the UBA tool can identify what behaviour/usage deviates from a “normal” baseline to determine what action, if any, is needed.

In some cases, a user’s recent activities may differ substantively from their historical activity, which ultimately indicates a change in pattern and more importantly, a possible security breach.

For example, an employee within an organisation’s finance department (rightfully) has access to the file shares that store all the merger and acquisition (M&A) documentation. Over the course of the last nine months, the user has visited the site on average twice per week and has downloaded three documents in total. However, over the past two weeks, the user has visited the site every night after 9 p.m. and has begun downloading a massive amount of data.

While within the parameters of approved access, UBA would notice that the behaviour is anomalous – triggering further investigation from management and possibly even security. This is a simple example of how Behaviour Analytics, aka Iron Man, can be used to reduce security loopholes. But if you only had Iron Man’s genius-level intellect and his powerful, armoured suit, it still wouldn’t guarantee defeat against the likes of Loki or Ultron.
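
The baseline comparison in this scenario can be sketched as follows. This is an added example, not code from the article or from any UBA product; the event format, thresholds, function names and sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, pstdev

AFTER_HOURS = 21  # 9 p.m., the hour named in the article's scenario

def weekly_totals(events):
    """Sum documents downloaded per ISO week from (timestamp, docs) events."""
    weeks = {}
    for ts, docs in events:
        key = tuple(ts.isocalendar())[:2]
        weeks[key] = weeks.get(key, 0) + docs
    return weeks

def late_share(events):
    """Fraction of visits that start at or after AFTER_HOURS."""
    return sum(ts.hour >= AFTER_HOURS for ts, _ in events) / len(events)

def assess(baseline, recent, z_limit=3.0, shift_limit=0.5):
    """Compare recent activity with the same user's historical baseline."""
    history = list(weekly_totals(baseline).values())
    mu = mean(history)
    sigma = max(pstdev(history), 1.0)  # floor: a near-constant baseline would inflate z
    findings = []
    for week, docs in sorted(weekly_totals(recent).items()):
        if (docs - mu) / sigma > z_limit:
            findings.append(("download_volume", week, docs))
    if late_share(recent) - late_share(baseline) > shift_limit:
        findings.append(("after_hours_shift", None, round(late_share(recent), 2)))
    return findings

def visits(start, days, hour, docs_each):
    """Constructed sample data: one visit per listed day offset."""
    return [(start + timedelta(days=d, hours=hour), docs_each(d)) for d in days]

# Constructed data mirroring the scenario: about nine months at two visits a week
# and three documents in total, then fourteen consecutive nights of bulk downloads.
START = datetime(2016, 9, 5)  # a Monday (arbitrary, constructed)
tue = visits(START, [7 * w + 1 for w in range(39)], 10,
             lambda d: 1 if d in (1, 92, 183) else 0)
thu = visits(START, [7 * w + 3 for w in range(39)], 14, lambda d: 0)
BASELINE = tue + thu
RECENT = visits(START + timedelta(weeks=39), range(14), 21, lambda d: 40)
NORMAL = visits(START + timedelta(weeks=39), [1, 3, 8, 10], 10, lambda d: 0)

if __name__ == "__main__":
    print(assess(BASELINE, RECENT))   # volume and after-hours findings
    print(assess(BASELINE, NORMAL))   # no findings for habitual behaviour
```

Every event in the sample is authorised access, so an entitlement check alone would pass it; only the comparison with the user's own history produces a finding.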

Identity Analytics (The Avengers)

As opposed to just tracking behaviour, Identity Analytics (The Avengers) approaches the issue from a different angle. It fully analyses and understands the entitlements a user should have vs. what they actually do have.

Simply understanding what entitlements a user has is not enough and any IAM product can report on those. What drives true value is the analytical component of understanding what entitlements a user has as it relates to the rest of the organisation, his or her peers, or even between organisations. This collective power translates into the ability to predict trends and behaviours, identify what may potentially happen, and make recommendations for corrective action.

Imagine an employee that previously worked in IT and ultimately decided to transition into the role of a pre-sales engineer. When the sales department uses traditional IAM tools to pull a list of “who has access to the pre-sales engineer SharePoint site,” this user would correctly show up.

However, what would not be apparent is the fact that this user is now one of the most powerful users in the organisation. What the report does not show is that the entitlements the user had as an IT professional had NOT been removed. This signifies that the user was never deprovisioned from their IT role, and the remaining, highly privileged access increases potential security risks.

Identity Analytics would find an anomaly of this nature almost instantly by comparing this individual with others from the pre-sales department. Armed with this information, the security professionals would know where to begin their work of securing the organisation by removing the IT-related entitlements from this pre-sales engineer.
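
The peer comparison described above can be sketched as follows. This is an added example, not code from the article or from any Identity Analytics product; the user names, departments, entitlement names and thresholds are hypothetical and the data is constructed.

```python
from collections import Counter, defaultdict

# Constructed sample data: user -> (department, entitlements). All names hypothetical.
USERS = {
    "alice": ("pre-sales", {"presales-sharepoint", "crm-read", "demo-lab"}),
    "bob":   ("pre-sales", {"presales-sharepoint", "crm-read"}),
    "carol": ("pre-sales", {"presales-sharepoint", "crm-read", "demo-lab"}),
    # dave moved from IT to pre-sales and was never deprovisioned
    "dave":  ("pre-sales", {"presales-sharepoint", "crm-read", "demo-lab",
                            "domain-admin", "server-root", "backup-operator"}),
    "erin":  ("it", {"domain-admin", "server-root", "backup-operator"}),
    "frank": ("it", {"domain-admin", "server-root"}),
    "grace": ("it", {"server-root", "backup-operator"}),
}

def prevalence(users):
    """Per department: fraction of members holding each entitlement."""
    size, held = Counter(), defaultdict(Counter)
    for dept, ents in users.values():
        size[dept] += 1
        held[dept].update(ents)
    return {d: {e: n / size[d] for e, n in c.items()} for d, c in held.items()}

def peer_outliers(users, rare_below=0.3, common_at=0.6):
    """Flag entitlements that are rare among a user's own peers.

    For each flagged entitlement, also list the other departments where it is
    common, which points at a previous role as the likely source.
    The user counts as one of their own peers, so very small departments need
    a higher rare_below to produce any finding.
    """
    prev = prevalence(users)
    report = {}
    for user, (dept, ents) in users.items():
        flagged = {}
        for ent in sorted(ents):
            if prev[dept][ent] < rare_below:
                flagged[ent] = sorted(d for d, p in prev.items()
                                      if d != dept and p.get(ent, 0) >= common_at)
        if flagged:
            report[user] = flagged
    return report

if __name__ == "__main__":
    for user, ents in peer_outliers(USERS).items():
        print(user, ents)
```

A plain "who has access to the pre-sales site" report lists all four pre-sales users identically; the prevalence comparison singles out the one whose extra entitlements are common only in IT.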

Beyond that, Identity Analytics can compare entitlements from one organisation to another. If you are in a bank with 3,000 users, an Identity Analytics tool could show that when compared to banks of similar size and location, your bank has twice as many people with elevated privileges, a security posture you may want to investigate.

Identity Analytics is a logical addition to an organisation’s larger IAM arsenal. It’s a solution that allows you to pre-empt bad behaviour and, accordingly, reduce your attack surface before an issue occurs.

It is, therefore, not about choosing one or the other. Any security-minded organisation needs the mightiest IAM heroes, in this case both Behaviour and Identity analytics, to combat the bad guy.

Article by Lennie Tan, Vice President & General Manager, One Identity, Asia Pacific & Japan.
