Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Tuesday, July 27, 2010

Applying HP Labs Identity Analytics to the IAM area

In two recent posts of mine, I provided additional information about what the HP Labs Identity Analytics is and how it relates to the Security Analytics initiative.

In the past three years we have been doing a lot of work in applying this methodology and approach (along with our tools) to different IAM areas.

At this stage, I thought it would be of interest to share additional details about some of the areas where HP Labs Identity Analytics has been used successfully, and how this has been achieved. These include:
  • Access Management area: in a few case studies carried out with customers we explored their current access management processes, inclusive of their provisioning and deprovisioning processes. We investigated aspects of concern, such as risk exposure and productivity, by agreeing specific metrics, and took into account the trade-offs that mattered to the customers. We considered risk exposure due to: privileged hanging accounts generated by process failures, misbehaviours by employees and managers, and steps that could easily be bypassed. We factored in the implications of specific threat environments. We used modelling and simulations to carry out “what-if” analysis, for example adding more IAM automation or changing some of the existing processes.
  • Compliance Checking and Auditing area: we explored the effectiveness of an organisation's compliance checking teams and their capabilities in identifying and remediating violations and failures (e.g. SOX compliance), based on assumptions coming from the field, such as the applications and services involved, the population of users and their accounts, the likelihood of failures in the process of managing access rights, etc. We used modelling and simulations to compare and contrast the outcomes of these compliance checking processes against auditing processes, in order to identify ways of further improvement.
  • Data Leakage: we used modelling and simulation to investigate how employees use, store, handle and disclose confidential data and the overall impact in terms of data leakage. We considered the organisational data flows, involving people, systems and organisational groups. We factored in the risk mitigation introduced by existing organisational controls (e.g. DRM, encryption, interception and filtering of emails). We explored how changes in processes, behaviours and control points affect the organisational data leakage. Specific areas of investigation have been the adoption of (1) social networking by employees and (2) collaborative/sharing tools, and their impact on data leakage.
  • Job Design: we used modelling and simulations to explore the implications of specific job designs, i.e. the impact that the definition of roles and the association of access rights (for a population of workers) have on an organisation, under different assumptions and hypotheses. Specifically, we investigated the impact in terms of risk and how changes affect this risk, taking into account operational constraints, people's skills and potential threats.
  • Password Management: we used social studies, coupled with modelling and simulations to explore the impact that people’s behaviours, system constraints and organisational policies have on passwords and their management. We investigated the risk exposure that organisations have, as a consequence of this, and how this risk could vary by changing some of the involved factors, such as password policies and IT control points.
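As an added illustration of the “what-if” style of modelling and simulation described in the Access Management item above (example code written for this page, not an HP Labs tool or any customer model), the following small Monte Carlo model walks a population of leavers through a deprovisioning process and counts the accounts that end up hanging. Every process step, bypass and failure probability, population size, privileged-account ratio and detection time is a hypothetical assumption chosen for illustration; the point is the shape of the analysis (agree a metric, model the as-is process, change one factor, compare), not the numbers.

```python
"""Added example: Monte Carlo "what-if" model of a deprovisioning process.

Not HP Labs code. All steps, probabilities and population figures below are
hypothetical assumptions used only to show the shape of the analysis.
"""
import random
from dataclasses import dataclass


@dataclass
class Step:
    """One hand-off in a deprovisioning process (hypothetical values)."""
    name: str
    p_bypass: float  # probability the actor skips the step altogether
    p_fail: float    # probability the step is attempted but not completed


@dataclass
class Process:
    name: str
    steps: list


def leaver_is_deprovisioned(process, rng):
    """Walk one leaver through the process; True means access was revoked.

    A bypassed or failed step leaves the account hanging, because nobody
    downstream notices that the request never arrived.
    """
    for step in process.steps:
        if rng.random() < step.p_bypass:
            return False
        if rng.random() < step.p_fail:
            return False
    return True


def simulate(process, leavers, p_privileged, detection_days, rng=None):
    """Count hanging accounts and express them as an exposure metric.

    detection_days is the assumed mean time until an independent control
    (e.g. an access recertification campaign) spots a hanging account, so
    exposure is measured in privileged-account-days.
    """
    rng = rng or random.Random(0)
    hanging = 0
    hanging_privileged = 0
    for _ in range(leavers):
        privileged = rng.random() < p_privileged
        if not leaver_is_deprovisioned(process, rng):
            hanging += 1
            if privileged:
                hanging_privileged += 1
    return {
        "process": process.name,
        "leavers": leavers,
        "hanging": hanging,
        "hanging_privileged": hanging_privileged,
        "exposure_priv_account_days": hanging_privileged * detection_days,
    }


# Hypothetical as-is manual process: manager notifies HR, HR raises a ticket,
# an administrator removes the accounts. Rates are illustrative only.
MANUAL = Process("manual", [
    Step("manager notifies HR", p_bypass=0.10, p_fail=0.05),
    Step("HR raises ticket", p_bypass=0.02, p_fail=0.05),
    Step("admin removes accounts", p_bypass=0.01, p_fail=0.08),
])

# Hypothetical what-if: the HR system feeds an IAM connector directly, so the
# human hand-offs (and their bypass opportunities) disappear.
AUTOMATED = Process("automated", [
    Step("HR feed triggers IAM", p_bypass=0.0, p_fail=0.01),
    Step("connector revokes accounts", p_bypass=0.0, p_fail=0.02),
])


def what_if(seed=1, leavers=5000, p_privileged=0.15, detection_days=90):
    """Run both processes on the same population size; reseed so each run
    is reproducible. Returns (manual_result, automated_result)."""
    manual = simulate(MANUAL, leavers, p_privileged, detection_days,
                      random.Random(seed))
    automated = simulate(AUTOMATED, leavers, p_privileged, detection_days,
                         random.Random(seed))
    return manual, automated


if __name__ == "__main__":
    for result in what_if():
        print(result)
```

With the illustrative rates above, the manual process leaves roughly a quarter of leavers with hanging accounts, while the automated variant leaves about three percent; the exposure figure then lets the two be compared against the cost of the automation. Swapping in a different detection control (a shorter recertification cycle, say) is a second what-if on the same model.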

Additional areas I am currently exploring (from an R&D perspective) include:

  • Cloud computing, impact and effectiveness of related IAM solutions in managing accounts and protecting resources - from the perspective of different stakeholders
  • Identity and Privacy assurance: which approach is most suitable for increasing the level of assurance on how identities, credentials and personal data are used, managed and disclosed, from the perspective of different stakeholders
  • Role of Federated Identity Management, within and across organisations. Impact on productivity, costs and risk exposure
  • Role of different Authentication mechanisms and their actual impact both in terms of mitigating risks and dealing with productivity & costs aspects
  • Economics of IAM

Again, various case studies, investigations and analysis have been carried out with a top-down approach, driven by customers’ needs, their questions/problems and an understanding of the involved business and IT processes, people behaviours and threat environment.

Additional public material on our HP Labs Identity Analytics work can be found here.


--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

--- NOTE: my original HP blog can be found here ---
