The field of Identity Security is undergoing a technological evolution, moving from repetitive admin work to automated, more secure solutions. Gone are the days when IT departments were required to manually look after who could access their organisation’s infrastructure and data, and often using outdated systems.
Identity Security has reached such a level of maturity that it is now pushing the boundaries of innovation. Encompassing data science, artificial intelligence (AI) and machine learning (ML) it is shaping how cybersecurity controls are implemented across entire organisations, as well as delivering an enhanced user experience.
From legacy solutions to the cloud
With traditional solutions, setting up a new employee network profile necessitated a series of tedious manual approvals, each of which needed to be multiplied by the number of systems and applications the individual needed to access. Any delays experienced when granting these access rights equate to lost productivity. It’s not only the onboarding process that is long-winded, re-certifying access to fulfil regular compliance requirements compounds the problem, representing another management overhead.
To overcome these challenges, many enterprises have begun to adopt cloud-based user provisioning solutions, which can offer greater flexibility and scalability. Now, the industry is about to embark on a new era of Identity Security, being driven by five key forces.
The Five Forces Now Shaping Identity Security
1: Utilisation of AI
One of AI’s advantages is that the technology is excellent at undertaking automated and repetitive tasks and processes. One of these processes is the annual entitlement recertification needed to maintain regulatory requirements, which can benefit tremendously from automation introduced by AI and/or ML.
Another area where AI excels is monitoring. Implementing AI-powered behavioural profiling reduces the need for human oversight and minimises approval times. Additionally, analysing behavioural data also enables organisations to enforce least privilege access, which improves user experience, decreases operational costs and enhances risk management.
User Behavioural Analytics (UEBA) pairs big data analytics with artificial intelligence to analyse user behavioural data in order to spot patterns and anomalies, gathering valuable insights to empower better decision-making.
2: Increased capability of behavioural models
Setting parameters for normal user behaviour is of utmost importance for the functionality and efficiency of an Identity Security program. Once these parameters have been established, granting or revoking application or system access can be fully automated. Accelerated by computing power, these decisions take only milliseconds and draw on information streamed from data architectures, data lakes, and cloud computing resources.
High-capacity behavioural models can also protect against the impact of weak or reoccurring passwords, which are common when users are required to set passwords for multiple systems. Instead of relying on access authentication through conventional Multi-Factor Authentication (MFA) models, authentication becomes a continuous process.
3: The rise of data science skills
With an increasing overlap between the fields of Identity Security and data science, data analytics skills are growing in value. This could be challenging for individuals who were honed on traditional Identity Security methods, with little experience in analysing behavioural patterns. These team members are increasingly reliant on their CISOs to re-skill them or at least guide them to areas where they can still contribute.
The rise of data science also presents the opportunity for an organisation to attract top talent. By offering roles that implement and support data-driven Identity Security programmes, businesses can create centres of excellence where highly skilled people want to work, as well as ensure that the innovative techniques are deployed optimally.
4: CISOs are now the driving force for Identity Security
Identity Security should be a key pillar in every organisation’s cybersecurity strategy, so it makes sense that more and more CISOs are taking closer ownership of these programmes. Their approach to programme management should be: Plan, Build, or Run, with separate teams responsible for planning – providing the blueprint for Identity Security operations and identifying which changes the organisation can benefit from – building – designing the workflows and analytics – and finally, running the operations, which involves overseeing operations on a day-to-day basis.
5: Increased oversight from the board
Presenting the business case for any project is a challenge, but in the case of Identity Security, there are clear benefits to communicate to the board.
Firstly, it lowers operational costs as automation and data science replace manual processes, although some savings might be offset by the cost of hiring highly specialised talent. Secondly, it boosts productivity by reducing decision-making time, typically by 10 to 25 per cent. It also ensures employee provisioning and de-provisioning take place within hours instead of days.
Conclusion
Transforming an organisation’s Identity Security programme will not only drive security best practices, it will do so at reduced cost, as the increased use of automation and data science techniques will replace expensive and outdated labour-intensive processes. Such initiatives don’t merely benefit the enterprise, they also provide an opportunity for Identity Security professionals to extend their skill sets, and for forward-thinking companies to attract top talent.
Jonathan Neal is the VP of Solutions Engineering at Saviynt. Jonathan has more than 25 years of IT industry experience and has spent the last 16 years specialising in the Identity, Access and Governance space. He has previously held senior pre-sales and consulting positions with Oblix, Oracle and CA.