05 May Identity Governance and Analytics
Business need: A holistic view of information security management in an organization, with the purpose of:
- Measuring the effectiveness of a security control or policy. How realistic were my ROI forecasts, and how are they trending?
- Designing, developing, and optimizing the organization’s security strategy.
- Improving effectiveness and productivity. Do the “things” more intelligently.
Challenges
- Information silos – To manage complexity, information security management is generally implemented as a set of distributed components. This has also resulted in “information silos”: there is no holistic view of the organization’s security posture. Example: an identity management system manages user-to-entitlement assignments but has no details about the objects or permissions that an entitlement grants.
- A software component typically organizes data for optimal execution of its own operations and transactions, i.e. for integrity and performance. Generating useful business insight from that data is cumbersome, if not infeasible.
- Auditing: components audit only certain important transactions. Moreover, auditing every transaction is expensive and impacts performance. Analysis is therefore restricted by each component’s auditing capabilities and configuration.
Confluxsys Identity Analytics retrieves data from various enterprise repositories and models it into an “IAM Graph” that comprises “domain entities” as nodes and the relationships between them, with the purpose of performing analytics, deriving useful business insights, and driving an appropriate response.
- The current state of IAM entities is collected from various sources and aggregated.
- Analytics results are persisted on a timescale, with contextual information useful for trending and forecasting.
The solution provides a framework with which a new dataset can be analyzed with minimal dataset-specific development.
Components:
Staging: implements the IAM business intelligence. It retrieves data, models it, and stores it in a structure suited for analytics – an “IAM Graph”.
Analytics: performs analytics using big data processing frameworks.
Event and Action: raises an IAM event and/or performs an action based on pre-configured rules.
Use Case: Redundant Access Analysis
User access is generally managed through role/entitlement assignments. IAM processes generally put strict governance around those assignments (certification, approvers, etc.), but over a period of time, as applications evolve, the access granted by roles and/or entitlements becomes redundant. There is a need for a holistic view of a user’s access to resources in order to analyze role/entitlement definitions, and to review and clean up this redundant access.
Confluxsys Identity Analytics provides a holistic view of a user’s access and enables the business to review and remediate redundant access.
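To make the redundant access analysis concrete, the following added example (not Confluxsys code) walks a small constructed IAM graph of users, roles, entitlements and permissions. The node names, the sample data and the two definitions of "redundant" used here (an assignment that resolves to no permission, or one whose permissions are all granted by the user's other assignments) are assumptions made for illustration.

```python
# Constructed sample IAM graph (illustrative data, not from any real system).
USER_ASSIGNMENTS = {  # user -> roles/entitlements assigned directly
    "alice": ["role:finance_analyst", "ent:gl_read", "ent:legacy_reports"],
    "bob": ["role:finance_analyst"],
}
GRANTS = {  # role/entitlement -> entitlements or permissions it contains
    "role:finance_analyst": ["ent:gl_read", "ent:ap_read"],
    "ent:gl_read": ["perm:ledger.select"],
    "ent:ap_read": ["perm:invoices.select"],
    "ent:legacy_reports": [],  # application evolved; maps to nothing now
}

def permissions_of(node, grants, seen=None):
    """Return every permission reachable from a role/entitlement node."""
    seen = set() if seen is None else seen
    if node in seen:  # guards against cyclic role definitions
        return set()
    seen.add(node)
    if node.startswith("perm:"):
        return {node}
    perms = set()
    for child in grants.get(node, []):
        perms |= permissions_of(child, grants, seen)
    return perms

def redundant_assignments(user_assignments, grants):
    """Map user -> {assignment: reason} for assignments worth reviewing."""
    findings = {}
    for user, assigned in user_assignments.items():
        effective = {a: permissions_of(a, grants) for a in assigned}
        for a, perms in effective.items():
            # Permissions the user would keep if assignment `a` were removed.
            others = set().union(*(p for b, p in effective.items() if b != a))
            if not perms:
                reason = "grants no permission"
            elif perms <= others:
                reason = "covered by other assignments"
            else:
                continue
            findings.setdefault(user, {})[a] = reason
    return findings

if __name__ == "__main__":
    for user, items in redundant_assignments(USER_ASSIGNMENTS, GRANTS).items():
        for assignment, reason in items.items():
            print(f"{user}: {assignment} -> {reason}")
```

Findings are review candidates, not a removal list: two assignments that grant identical permissions each flag the other, so remove one and re-run before touching the second.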