How machine learning is revolutionizing identity analytics

Most discussions around identity management have revolved around the synchronization of identities across multiple systems to reduce the level of administrative effort. While many different terms have been used to describe this process, such as meta-directories, user provisioning and identity governance and administration (IGA), the only real change in function has been the inclusion of identity governance features. However, the result is an organization faced with a growing sense of fatigue as more and more business processes and compliance requirements are implemented. This has also diminished ROI as compliance controls like approvals or reviews are rubber-stamped, which defeats the purpose.

Reducing security teams’ cyber-fatigue

This is where identity analytics based on data science and machine learning are changing the game. We refer to these solutions as identity analytics (IdA). IdA solutions include a data lake that holds three things: the current view of the data contained in the identity repository, a historical view of changes, and inputs from individual infrastructure components or security information and event management (SIEM). Here are some of the benefits:

Analysis of historical data can be used to trend the number of CRUD (create, read, update, delete) operations over time, compare current activity to historical norms and review how an identity or the associated access has changed over time.
A dashboard of these results can provide a good indication of how the identity and access management (IAM) solution is performing, as well as details such as the number of high-risk users, entitlements or applications.
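
The comparison of current activity to historical norms described above can be illustrated with a short Python example. It is added here and is not code from the article or from any vendor product; the event tuples, identity names, 14-day window and the modified z-score threshold of 3.5 are assumptions chosen for the illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def build_sample():
    """Constructed (day, identity, operation) events standing in for data-lake history."""
    events = []
    for day in range(1, 15):                        # 14 days of normal activity
        events += [(day, "svc-hr-sync", "update")] * (20 + day % 3)
        events += [(day, "jdoe-admin", "create")] * (2 + day % 2)
    events += [(15, "svc-hr-sync", "update")] * 21  # day 15: in line with history
    events += [(15, "jdoe-admin", "create")] * 40   # day 15: burst of account creations
    return events

def daily_counts(events):
    """Trend: number of operations per (identity, operation) per day."""
    counts = defaultdict(Counter)
    for day, identity, op in events:
        counts[(identity, op)][day] += 1
    return counts

def flag_anomalies(events, current_day, window=14, threshold=3.5):
    """Compare current_day's count with the median of the preceding `window` days.

    Uses a modified z-score (median / MAD) so one earlier spike does not inflate
    the baseline. MAD is floored at 1.0 so small, flat counts do not divide by zero.
    Only upward deviations are reported.
    """
    findings = []
    for (identity, op), per_day in daily_counts(events).items():
        # Counter returns 0 for days with no activity, so quiet days count as history.
        history = [per_day[d] for d in range(current_day - window, current_day)]
        baseline = median(history)
        mad = median(abs(x - baseline) for x in history)
        today = per_day[current_day]
        score = 0.6745 * (today - baseline) / max(mad, 1.0)
        if score > threshold:
            findings.append({"identity": identity, "operation": op, "today": today,
                             "baseline": baseline, "score": round(score, 2)})
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    for finding in flag_anomalies(build_sample(), current_day=15):
        print(finding)
```

An identity with no prior history has a baseline of zero, so a new account that immediately performs many operations is also reported.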

Threat Detection
The addition of the identity context to a SIEM for correlation or to a UEBA tool for analysis can greatly improve the likelihood of detecting a threat. The identification of anomalous identity and access behavior can also contribute to threat detection, especially insider threats.

User Experience/Automation
Additional information provided to approvers during access request workflows and access reviews, including recommendations on whether to approve, will allow the reviewers to make a better decision in less time. These decisions can also be automated for low-risk access, further reducing the workload on the reviewer.

Identity analytics: balancing the benefits and drawbacks

Most solutions provide some of the benefits described here, and many IAM vendors are building IdA capabilities (of varying levels of maturity) into their products — often resulting in islands of data and analytics. In an ideal world, all IAM components share the same risk engine and a common data lake to provide a consistent view of risk across the environment.

Despite these drawbacks, the benefits of IdA far outweigh the potential risk. Identity analytics allow us to achieve a level of automation and end-user experience that was not possible otherwise. As some organizations push the limits of what they can achieve with their IGA solutions, this is surely the way forward.

About the author

Allen Moffett

Global IAM Practice Lead, Atos

Allen joined Atos in 2016. He currently leads the strategy and portfolio for IAM services globally. He advises Atos customers on IAM strategy and roadmap, as well as leads the IAM domain of the global Atos Expert Community that drives innovation for the company. Previously, Allen was a global Practice Director for IAM solutions at Commercium Technology (CTI) and held similar positions at Unisys and Siemens. Allen is on the Executive Board for the Identity Defined Security Alliance and has held positions previously in industry organizations such as the Smart Card Alliance. Allen holds a BS in Computer Science from Louisiana State University with minors in Mathematics and French.
