Identity and access management (IAM) is one of the few IT activities where an organization’s security posture and employee productivity are both in play. The same problems that exist for security, IT operations, and other aspects of IT are problems here. There is too much data for human analysts to evaluate quickly, with product sets that don’t proactively react, (there’s a bit of human fear about that).
Many individuals in the field of information technology now view “machine learning” and “analytics” as marketing buzzwords. Some vendors make outrageous claims that their software will do all of your analysis work for you. Too often, the machine learning and analytics reality can range from the inclusion of a few complex calculations to off-the-shelf algorithms and very complex proprietary to supervised machine learning algorithms. Seeing past the common product messaging can be challenging.
Yet, there are some vendors that employ “real” machine learning for genuine use cases, all industry verticals, cyber security, and IT operations. Most use cases center around analyzing human or machine behavior compared to historical norms in the business context of what the human’s (or machine’s) responsibilities should be as they interact with each other. Once outlier behaviors have been identified, actions (manual or automated) can be initiated to halt or allow the activity.
There are two main machine learning use cases for identity and access management.
Use case – security
Correct provisioning of accounts and permissions is the first obvious key to managing identity based risks. The massive increases in the number of business applications
The Identity and Access Management Life Cycle
and business partner access requirements results in constantly changing access needs. There is more work for the same number of humans, and the probability of misallocation increases.
Over the lifetime of the employee or partner’s relationship with the organization, the employee or partner often accumulates unneeded and unused access. This is due in part to processes that delay removal of access or miss access entirely. In some cases, over provisioning of access takes place for the sake of expediency. This access often isn’t reduced to more appropriate levels.
For security, machine learning can be employed to continuously monitor business application access and use in the context of who the employee or partner is and their relationship to the organization. Log data that describes connection origin and destination, location, time of day, session length, type of access, and what is accessed can be broken down into usage patterns. These patterns can then identify unused accounts or privileges for removal or, at the very least, provide the visibility needed to determine a course of action.
Use case – provisioning for employee productivity
The rapid growth in the number of siloed business applications makes static provisioning rules systems inefficient and fuels the growth of “one-off” provisioning approvals. The velocity of access management change is fueled by increased use of cloud applications, accessed by multiple employee devices. Most access provisioning systems are supported through the use of static provisioning rules. Partial provisioning of the access employees need leaves them unproductive, and delays in provisioning can lead to morale issues.
Through the use of machine learning, peer employee access activity data can be continuously analyzed in business context to suggest more efficient provisioning rules for new employees and reduce the number of one-off access grants. In other words, machine learning can be used to make static provisioning rule systems dynamic.
Taking a behavior-based approach to identity and access management using machine learning means quicker reactions to dynamic business needs. Employees and partners get the right access they need to be productive in short order. Automating the discovery of unused access and privilege artifacts reduces the identity-based security risks of insider threats to intellectual property and malware-based employee impersonation. Rather than having IAM policy and corporate compliance occur only once a year at audit time, enlightened provisioning and risk reduction is automated and constant.
Employing a machine learning platform means having a virtual analyst that can continuously review employee activity data, acting as a catalyst for improving provisioning processes throughout the identity life cycle.