Skip navigation
All Places > Products > RSA Identity Governance & Lifecycle > Blog > Author: Elizabeth Robinson

With today’s cyber landscape, it’s essential that organizations take an Intelligence Driven approach to Security.  At RSA, we’ve pioneered this approach.  Intelligence Driven Security is an information security strategy that can help organizations like yours mitigate the risk of operating in a digital world by enabling you to detect, investigate, and respond to advanced threats; confirm and mange identities; and prevent online fraud and cybercrime.

 

You should apply an Intelligence Driven approach to your Identity and Access Management (IAM) program, regardless of what vendor or solution you choose to deploy.  Here are a few steps to guide you in this approach.

 

The first step is Visibility. You need to collect as much detailed data as you can about what matters in defending your business.  For IAM, you need visibility into User Accounts, what Entitlements those Accounts have been granted, and other Attributes associated with a particular Account that you can incorporate into making access or governance decisions.  You also need visibility into the occurrence of important identity lifecycle events such as when a user joins, moves, and leaves, so that you can adjust access accordingly.

 

The second step is Analysis. This turns the data you have collected into actionable intelligence.  Business owners should perform access reviews to determine if Accounts have the proper Rights and Entitlements based on their business Role.  You should evaluate groups of Accounts to ensure their compliance with policy or regulation.  You should also evaluate the behavior of a particular Account to determine a risk score to be used to make access decisions.  And any analysis should be enhanced by context provided by the data you’ve gathered. For example, if you know an Account is associated with a particular business Role, the behavior should be evaluated for anomalies in the context of that role.

 

Finally, you need the ability to take rapid Action, based on your analysis.  This will allow you to enable the business or protect it from damage or loss.  So you may choose to provision or de-provision an account. You may add or remove entitlements. You may require additional authentication or allow the account to be federated to another domain or sign on to another system.

 

Taking an Intelligence Driven approach to IAM will enable you to reduce identity-related risk and make better decisions for your business.  And, at the end of the day, the role of IAM is to enable and support the business, right?

Identity Intelligence is a term you may have heard lately – and it represents the next level of IAM program maturity, for which many organizations are now aiming.  Robust identity intelligence can guide the right access decisions across the identity lifecycle, helping to minimize risk and enable compliance with internal guidelines and external regulations.  Doesn’t that sound like it could make your life easier?

 

There are three stages to fully harness the Identity Intelligence that exists in your organization.  The first step involves collecting accounts, entitlements and attributes, to fully unify your identities and produce rich identity context.  Once you have the visibility and context of all existing identities, you can start to put policies and rules in place to guide access decisions.

 

The second step is all about identity analytics.  Here, you can start to define key metrics and implement dashboards and reporting for better analysis.  For example, how many access reviews have you run in the past year?  How many access changes came as a result?  How long did it take to fulfill those changes?  Once you can dive deep into this analysis, you can uncover issues and determine what to focus on improving.

 

From there, the third stage involves building out an identity ecosystem and combining the various instances of intelligence across your organization: business, threat, identity.  Often the first step is to connect your authentication deployment with your identity governance deployment to incorporate governance into your access program.  For example, connecting governance to your single sign-on system will ensure that the access you are allowing is appropriate.  Connect your IAM deployment to your GRC deployment to improve incident response, automate continuous monitoring of identity controls, and manage access decisions based on application risk.  Connect to your SIEM deployment, for better incident investigation and threat remediation.  Connect to your DLP deployment to drive access reviews and business processes around unstructured data resources.  How else could you leverage identity intelligence in your organization?

 

Join this webinar to learn more about how to learn how organizations can use Identity Intelligence to cost-effectively and efficiently protect the business, accelerate business user productivity, and minimize risk across the enterprise.