With today’s cyber landscape, it’s essential that organizations take an Intelligence Driven approach to Security. At RSA, we’ve pioneered this approach. Intelligence Driven Security is an information security strategy that can help organizations like yours mitigate the risk of operating in a digital world by enabling you to detect, investigate, and respond to advanced threats; confirm and mange identities; and prevent online fraud and cybercrime.
You should apply an Intelligence Driven approach to your Identity and Access Management (IAM) program, regardless of what vendor or solution you choose to deploy. Here are a few steps to guide you in this approach.
The first step is Visibility. You need to collect as much detailed data as you can about what matters in defending your business. For IAM, you need visibility into User Accounts, what Entitlements those Accounts have been granted, and other Attributes associated with a particular Account that you can incorporate into making access or governance decisions. You also need visibility into the occurrence of important identity lifecycle events such as when a user joins, moves, and leaves, so that you can adjust access accordingly.
The second step is Analysis. This turns the data you have collected into actionable intelligence. Business owners should perform access reviews to determine if Accounts have the proper Rights and Entitlements based on their business Role. You should evaluate groups of Accounts to ensure their compliance with policy or regulation. You should also evaluate the behavior of a particular Account to determine a risk score to be used to make access decisions. And any analysis should be enhanced by context provided by the data you’ve gathered. For example, if you know an Account is associated with a particular business Role, the behavior should be evaluated for anomalies in the context of that role.
Finally, you need the ability to take rapid Action, based on your analysis. This will allow you to enable the business or protect it from damage or loss. So you may choose to provision or de-provision an account. You may add or remove entitlements. You may require additional authentication or allow the account to be federated to another domain or sign on to another system.
Taking an Intelligence Driven approach to IAM will enable you to reduce identity-related risk and make better decisions for your business. And, at the end of the day, the role of IAM is to enable and support the business, right?