Delivering identity and access management (IAM) is becoming more complex in a world with growing remote workforces to secure and increasingly sophisticated cyber-attacks. The traditional model of assigning access to users by role and then using a perimeter security approach to manage risk isn’t cutting it anymore—it’s a costly, manual effort that’s not scalable and doesn’t address today’s requirements for flexibility. Companies use so many different applications, services, and resources these days that it’s nearly impossible to manage identity the way we’ve always done it.
What companies need today is more context—contextual identity data, that is—to enable
Context-driven access control is the emerging gold standard for addressing the ever-changing identity requirements for companies.
Whether your employees are remote, hybrid, or always working in the office, you need a solution that’s restrictive enough to protect your systems, yet not so restrictive it impacts productivity—and this can only be delivered by knowing your users well.
Context-based access leverages the factors that make up a user’s behavior and activity, such as geolocation, device type, work schedules, etc., to make intelligent decisions about what access should be allowed. Let’s say an employee who typically uses a laptop to work during daytime hours of a workweek attempts to log on to the corporate network at 3 AM on Sunday with an unknown mobile device. With context-based access, that logon attempt could be blocked automatically. However, if they tried to do the same thing at 9 PM on a Thursday, the system could still allow them in, but with restrictions since it’s atypical behavior—while alerting management.
Simply put, a context-aware access system minimizes the risk to your systems, data, and employees, consumes fewer IT resources, and enables high productivity across the organization.
Want to see how organizations can lay the foundation for contextual access, and how it facilitates the future of work for today’s modern companies? Keep reading. 😉
How IAM is Evolving
The traditional corporate security perimeter was becoming extinct even before the recent mass shift to remote working. People have gone from working within closely monitored and secured enterprise networks to a largely unmonitored and unsecured WiFi network at home…or at a coffee shop, or even in a different country. Employees working outside the traditional security perimeter, from a variety of devices, locations, and accounts, provide more opportunities for cybercriminals.
Identity is the new security perimeter—and it encompasses both humans and devices. By building and leveraging the context around each identity, IAM systems can better manage the many thousands of users involved in today’s enterprise networks, while mitigating risk at a more granular level. From temporary employees and contractors to full-timers that manage key aspects of the business process, all identities can be secured and managed with the right context.
Baking Context into IAM
Contextual access actually makes more sense overall since user access needs can change frequently. An employee working from home still needs to access the same applications, systems, and data as if they were at the company office, while one on a business trip might not.
When contextual identity data about each person is available, enterprises can establish granular access control driven by unique attributes. Richer context gives you control over which applications, assets, and resources users can access based on rules
How Does Contextual IAM Work?
Contextual access decisions can be enforced through risk scores, or levels, that are based on a combination of attributes such as location, device, access request type, time of day, and/or role. That risk level can then be used to determine the appropriate access.
Risk scores can be based on multiple factors such as:
- Location: Where is the request coming from? The main enterprise office or somewhere else? Where does the user’s profile indicate they should be making requests from, the local office or somewhere else in the world?
- Device: What device type is making the request? A laptop inside the secure enterprise network or a smartphone on public WiFi?
- Access request type: What type of activity is the user trying to do? Is someone just checking email, or are they trying to access high-value data?
- Time of day: When is the request being made? Is it during regular business hours or outside of them? Is it during the user’s assigned work hours or at an unusual time like 3 AM?
- User role: What role is currently assigned to this user? Is it the CEO or a temporary employee? An IT team member or long-term consultant?
For example, someone requesting access from a location where you don’t have any business dealings is high risk; someone requesting access from another area of your home country is medium risk; someone requesting access from a data center where you house technology is low risk. A contextual IAM system can then assess the user’s overall risk score in conjunction with other factors to dynamically grant appropriate access.
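As an added illustration (not code from the original post or from Radiant Logic’s product), the policy function below scores a request on the five factors listed above and maps the total to allow / restrict-and-alert / block, reproducing the 3 AM Sunday and 9 PM Thursday cases from the introduction. The user attributes, weightings, thresholds and sample requests are constructed assumptions standing in for what an identity data source would supply.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample identity context (stand-in for a unified identity data lookup).
KNOWN_DEVICES = {"alice": {"laptop-a1"}}
WORK_HOURS = {"alice": (8, 18)}      # assigned shift, local hours, Monday to Friday
HOME_COUNTRY = "US"
DATA_CENTERS = {"dc-east"}
HIGH_VALUE_REQUESTS = {"export_customer_db", "admin_console"}
TEMPORARY_ROLES = {"temp", "contractor"}

@dataclass
class AccessRequest:
    user: str
    location: str      # ISO country code, or the name of a data center you operate
    device: str
    request_type: str
    when: datetime
    role: str

def location_risk(loc: str) -> int:
    if loc in DATA_CENTERS:
        return 0                     # low: a data center where you house technology
    if loc == HOME_COUNTRY:
        return 1                     # medium: elsewhere in the home country
    return 3                         # high: no business dealings there

def time_risk(user: str, when: datetime) -> int:
    start, end = WORK_HOURS.get(user, (9, 17))
    if when.weekday() >= 5:          # Saturday / Sunday
        score = 2
    elif start <= when.hour < end:
        return 0                     # inside the user's assigned shift
    else:
        score = 1                    # weekday, but off-shift
    return score + (1 if when.hour < 6 or when.hour >= 22 else 0)  # overnight bonus

def risk_score(req: AccessRequest) -> int:
    return (location_risk(req.location)
            + (0 if req.device in KNOWN_DEVICES.get(req.user, set()) else 2)
            + (2 if req.request_type in HIGH_VALUE_REQUESTS else 0)
            + time_risk(req.user, req.when)
            + (1 if req.role in TEMPORARY_ROLES else 0))

def decide(req: AccessRequest) -> str:
    score = risk_score(req)
    if score <= 1:
        return "allow"
    if score <= 4:
        return "allow_restricted_alert"  # atypical: limited access, notify management
    return "block"
```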
Dynamic Risk Level Assessment
But first, you have to lay the foundation for your contextual access system. It can only make access decisions on multiple changing factors if it has a source for that information—and it can obtain that contextual user information from multiple systems through an Identity Data Fabric. An Identity Data Fabric unifies disparate identity data into a single source, with context about each identity available for consumption in one location. This capability becomes increasingly important as users move from one context to another or one work environment to another; implementing a unified identity data system today can facilitate such access.
For example, a doctor would need access to patient records at multiple locations across a hospital’s clinic network—but only during their appointed shift hours, and not in clinic locations where they are not practicing. The doctor’s information (title, assignments, shift data, authorized work locations, etc.) would need to be centrally accessible by a contextual policy engine to determine access.
The administrative efficiencies of a system based on unified identity data are also significant for the entire organization. New employees or those changing teams or roles can have their access updated automatically—with minimal intervention from IT or HR teams.
Optimizing IAM for the Real World
All of this sounds wonderful, but it also sounds like a lot of work—maybe even impossible—given that many enterprises struggle just to maintain their current IAM system. IT teams are already inundated with work, so how can they implement contextual access
An Identity Data Fabric can play a key role here by unifying all identity data information and making it available wherever it’s needed to enforce contextual access rules. The solution uses model-driven virtualization to gather all this data from various endpoints and deliver it to contextual access engines.
The biggest hurdle for most enterprises to get started is pulling all the scattered identity attributes together in a way that makes sense and then delivering it to the access engine. An Identity Data Fabric makes that task easier by pulling together all the identity data across diverse sources into a fully reusable and consumable service.
How Does an Identity Data Fabric Enable Contextual IAM?
The Identity Data Fabric takes care of the “heavy lifting” for integration, making identity data easily accessible to the specialized tools without having to laboriously hard-code connections between diverse data stores. This frees the IT team to take on more advanced security projects, such as determining the appropriate risk factors, regularly reviewing policies, and creating remediation policies for when things go astray.
It enables the enterprise to apply and enforce access management policies across the organization and apply simple and consistent permission management across numerous systems and users, making everything more efficient and secure.
It brings business-level controls and visibility to a previously mysterious IT security strategy and infrastructure, increasing the transparency of the whole process. The transparency makes it easier to prepare for audits and compliance reporting, while also reducing the IAM workload across the organization.
Context is the Key to Intelligent Identity Data Management
Identity management is crucial for minimizing risk, improving user experience, and accelerating business—but there’s no one-size-fits-all approach. Employees need different types of access at different times—without reducing their productivity.
An Identity Data Fabric, weaving together context from existing identity systems (wherever they operate, in the cloud or on-prem), allows enterprises to implement a more advanced approach to identity management sooner rather than later—without heavy lifting on the implementation side or becoming too hard to manage during daily use. It unifies identity data to enable seamless, secure access across the organization while IT teams and business leaders can focus on innovation. It’ll strengthen an enterprise’s security posture without getting in the way of productivity.
Learn more–get in touch and we’ll talk your ear off about the future of identity!