Making Identity Governance more VIGILANT

05 May Making Identity Governance more VIGILANT

Posted at 19:54h in Blog by
2 Likes

One of the most common source of insider threat is user/system acquiring unauthorized access to an application bypassing in-place Identity Governance processes (Ex. modifying application’s security configurations/policy by application administrator). End-point security, Reverse proxy, IDS/IPS systems will not be able to prevent/detect such seemingly benign access given the limited context these components have about the user/system.

Typically, Identity Governance implementations fail to detect and act on such rogue actions in a timely manner, giving an attacker a “window of opportunity” to access sensitive data or perform unauthorized operations. There is a need for Identity Governance to be more vigilant, analyze application access data updates in real-time, and act.

Various IAM products in the market attempt to solve this problem superficially by providing a “framework” of IAM services, leaving the last mile of data collection, an effective response system and its integration for customers to implement.

Confluxsys Identity Analytics solution bridges the gap, applies organization’s Identity Governance processes to the change in application’s access data model in real-time.

  • Real-time access data collection and reconciliation through various interfaces – restful service, enterprise messaging service (pub/sub), tapping enterprise repository change logs (ldap change logs), SIM etc.
  • Analytics and response system whereby IAM services are invoked based on the pre-defined rules/policies.
Identity Analytics

Identity Analytics

Use Case: Application fine grained permission updates by administrator

  1. Application administrator accidentally/intentionally change permissions/application-functions associated to an entitlement.
  2. Change is logged by the application.
  3. Confluxsys Identity Analytics, monitoring application’s access control model changes, detects the change.
  4. Solution identifies affected entitlements/users, triggers entitlement definition certification and notifies the entitlement owners.
  5. Application Owner and/or entitlement owner/s review the change with additional contextual information (number of users affected, data classification etc.).