
How to Monitor Cybersecurity Threats with Identity Analytics

May 23, 2023 / in Blog, Sebastien Faivre / by Josue Ochoa

In this last article of the series, we address the shift of tools, systems and applications to the cloud. The pandemic accelerated this move, and it has since remained the norm for many companies: a large share of the workforce still works from home and reaches its daily tools through cloud services. Together, remote work and cloud adoption have widened the identity attack surface, and with it the exposure to breaches and other malicious attacks.

The spread of the Zero Trust posture within organizations has raised awareness of the central role identity plays in that framework. Zero Trust requires that every user of a company's systems and resources, internal or external, be authenticated and authorized before being granted access. Its three pillars, as framed in this series, are risk awareness, least-privilege access and continuous access verification.

Below are examples of the most common risks associated with poor management of identities and access rights.

A Former Employee Still Has Access to Company Resources

While at first glance this may seem unlikely, it is far more common than imagined. According to a survey conducted by Brainwave GRC, 90% of former employees retain access to the organization's applications for more than three months after leaving. The departure of an employee, or the end of a collaboration with a service provider or partner, is part of daily life in most organizations and can, in some cases, go unnoticed by IT processes and procedures. Two main cases can be observed.

  1. The affected accounts remain unused
    • These are referred to as dormant accounts because they have not been used for a long period. Dormant accounts are forgotten and are a prime target for attackers wishing to break into information systems, because they escape the organization's vigilance.
  2. The affected accounts are still being used
    • According to the same Brainwave GRC survey, 43% of accounts assigned to departed employees are still in use. This can have a serious impact on the company, as the following examples show.
    • If the account is used by the former employee, and that employee left in a contentious context, the risk of malicious activity is high and presents a real danger to the company's assets.
    • A former employee may have meant well by passing their login and password to a team member as part of a job handover, but this convenient way of going around the system can have dire consequences for security.
    • At times, an account is kept active to keep a service or an application running. Logins and passwords are then shared without any trace of the exchange being recorded in the system, so it is impossible to know exactly who is accessing what, and why.

Whatever the case, an organization is exposed to a multitude of risks where dormant accounts are concerned, risks such as sabotage, data leakage or theft and business disruption.

Access Rights and Mobility: Excessive Privileges and Toxic Combinations

At the beginning of 2022, 74% of organizations that had fallen victim to cyber-attacks believed that legitimately granted permissions and privileges were one of the main factors that enabled the attack.

This figure highlights that privileged access is a prime target for attackers. That is not surprising: these accesses protect the organization's critical assets and are designed to allow a limited set of sensitive operations. Compromising them lets the perpetrator quickly take control of an organization's information systems, as the cyber-attack Uber faced in 2022, among others, showed. Tightly controlling the granting of privileged access, in particular through a Privileged Access Management (PAM) solution, is therefore key.

Beyond scrupulous regulation of privileged accounts, the granting of even standard access rights can lead to abuse and generate cybersecurity risk.

In the context of internal mobility, for example, extreme caution is required regardless of the nature of the access rights an employee holds, for several reasons:

  • The scope of the employee's mission has changed. Are the access rights that were necessary for their former duties still legitimate, or should they be removed?
  • Would granting the additional access rights linked to the new job function create any risk?

To determine this, old and new access rights must be examined together. Otherwise, the employee's actual access rights may end up violating the three founding principles of access rights security, which are:

  • Least privilege
  • Need-to-know, and
  • Segregation of Duties (SoD)

In the case of SoD, for example, a person whose access rights allow them to modify a bank account number in a payroll application while also being able to execute a financial transfer holds rights that are incompatible with each other (a toxic combination). If those rights are also privileged, the employee effectively has full power over the organization's information systems. The risk of internal fraud is therefore real, and the compromise of such an account is a golden opportunity for anyone with malicious intent.

Solutions for Monitoring Cyber Threat: Identity Analytics

Whatever the means deployed, an organization will very likely have to deal with a successful attack one day. By the time the attack is identified, it may already be too late: the intrusion behind it may have taken place days, months or even years earlier, the information systems may already be compromised, and the repercussions may be considerable. To limit this, it is worth considering software solutions that provide this kind of protection, such as RadiantOne Identity Analytics powered by Brainwave GRC.

Solutions enriched with identity analytics, such as Identity Analytics, help reduce the attack surface. Poor management of identities and access rights widens that surface; efficient management narrows it and forces an attacker into lateral movement to reach the organization's data. Identity analytics supports action on two fronts:

  • Preventively, by reducing the attack surface through the removal of unnecessary access rights, and
  • Proactively, by uncovering attacks in progress through analysis of behavior and the associated drift from normal patterns

This relies on collecting, correlating and analyzing complex and disparate access data: accounts, groups, permissions and logs. An identity analytics solution ingests data of all types, independent of its source, and then correlates and analyzes it.

Shedding Light on the Organization's Identities and Access Rights

By collecting access rights data from every origin (HR tools, directories, legacy applications, ERP, SaaS, etc.), Identity Analytics correlates the identities, accounts and access rights found across the information system. This builds the access chain, from identity to account to permission, whether or not those accounts are managed by an Identity and Access Management (IAM) tool. Data quality issues can be uncovered and corrected, and a 360° view shows who can access what, when and why.

Automate Access-Related IT Checks with Prescriptive Analytics

Once the access chain is built, the execution of access rights controls can be simplified and access reviews automated. Their frequency can then be increased, moving from a posture of compliance to one of risk mitigation.

  1. Save Time
    • Once configured, Identity Analytics automates the collection and correlation to provide a continuous, risk-based view of the situation, so inquiries from managers, auditors and other stakeholders can be answered quickly and easily.
  2. Make Controls More Reliable
    • As mentioned above, human error is common and is a vector of risk. By running Identity Analytics with IT and SoD control engines, the margin of error attributable to teams is greatly reduced.
  3. Optimize Costs
    • By providing teams with clear, documented data sets and automating everything that can be automated, the cost of running access controls drops while their coverage rises.
  4. Motivate and Encourage the Team
    • Reviewing access rights is often perceived as a time-consuming, tedious and burdensome exercise. To meet deadlines, it is not uncommon for the access rights under review to be validated quickly, without a hard look at the data itself. User-friendly interfaces that every stakeholder in the review process can understand avoid this, because teams are more likely to focus on the key areas of concern and make informed, relevant decisions.
  5. Instill a Spirit of Collaboration
    • Automating access-related controls and reviews lets different teams work together more efficiently, down to the company's first line of defense, keeping the organization's assets protected and secured.
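The controls described in this article, the dormant and departed-owner accounts from the section on former employees, the payroll/transfer toxic combination from the SoD section, and the identity-to-account-to-permission chain described just above, can all be expressed as one correlation pass over the collected feeds. The Python script below is an added example written for this page; it is not Radiant Logic or Brainwave GRC code and does not use the RadiantOne product. Every feed (HR roster, account inventory, entitlements, authentication log), the permission names, the toxic pair and the 90-day dormancy threshold are constructed for the example and are assumptions, not data taken from the article.

```python
"""Minimal identity-analytics pass over constructed sample feeds.

Correlates HR records, application accounts, entitlements and login
events into an access chain, then flags:
  * orphaned            - account with no matching HR identity
  * departed_still_used - owner has left, but the account logged in after the
                          departure date (the "43% still in use" case)
  * departed_dormant    - owner has left and the account has not been used since
  * dormant             - active owner, no login for DORMANT_DAYS or more
  * sod_violation       - one identity holds a toxic pair of permissions
Schema, names, dates and the threshold are all assumptions for this example.
"""
from collections import defaultdict
from datetime import date

DORMANT_DAYS = 90  # assumed policy threshold, not from the article

# ---- constructed sample feeds ------------------------------------------------
HR = {  # identity -> (status, departure date or None)
    "i001": ("active", None),
    "i002": ("left", date(2023, 1, 15)),
    "i003": ("left", date(2023, 2, 1)),
    "i004": ("active", None),
}
ACCOUNTS = [  # (application, account, owning identity or None)
    ("payroll", "jdoe", "i001"),
    ("banking", "jdoe", "i001"),
    ("payroll", "msmith", "i002"),
    ("erp", "rlee", "i003"),
    ("erp", "svc_legacy", None),
    ("crm", "akim", "i004"),
]
ENTITLEMENTS = [  # (application, account, permission)
    ("payroll", "jdoe", "payroll.bank_account.modify"),
    ("banking", "jdoe", "banking.transfer.execute"),
    ("payroll", "msmith", "payroll.view"),
    ("erp", "rlee", "erp.po.approve"),
    ("erp", "svc_legacy", "erp.admin"),
    ("crm", "akim", "crm.read"),
]
LOGINS = [  # (application, account, login date) extracted from auth logs
    ("payroll", "jdoe", date(2023, 5, 20)),
    ("banking", "jdoe", date(2023, 5, 21)),
    ("payroll", "msmith", date(2023, 4, 2)),
    ("erp", "rlee", date(2023, 1, 20)),
    ("crm", "akim", date(2023, 1, 3)),
]
# The SoD rule from the article: changing a payee bank account and executing
# a transfer must never sit with the same person.
TOXIC_PAIRS = {frozenset({"payroll.bank_account.modify", "banking.transfer.execute"})}


def last_logins(logins):
    """Latest login date per (application, account)."""
    last = {}
    for app, acct, when in logins:
        key = (app, acct)
        if key not in last or when > last[key]:
            last[key] = when
    return last


def build_access_chain(accounts, entitlements):
    """identity -> set of permissions, aggregated across every account it owns."""
    owner = {(app, acct): ident for app, acct, ident in accounts}
    chain = defaultdict(set)
    for app, acct, perm in entitlements:
        ident = owner.get((app, acct))
        if ident is not None:  # unowned accounts cannot be attributed to anyone
            chain[ident].add(perm)
    return chain


def analyze(today, hr=HR, accounts=ACCOUNTS, entitlements=ENTITLEMENTS,
            logins=LOGINS, toxic=TOXIC_PAIRS):
    """Run the account lifecycle checks and the SoD check; return findings by kind."""
    last = last_logins(logins)
    findings = defaultdict(list)
    for app, acct, ident in accounts:
        key = (app, acct)
        seen = last.get(key)
        if ident is None or ident not in hr:
            findings["orphaned"].append(key)
            continue
        status, left = hr[ident]
        if status == "left":
            if seen is not None and seen > left:
                findings["departed_still_used"].append(key)
            else:
                findings["departed_dormant"].append(key)
        elif seen is None or (today - seen).days >= DORMANT_DAYS:
            findings["dormant"].append(key)
    for ident, perms in build_access_chain(accounts, entitlements).items():
        for pair in toxic:
            if pair <= perms:
                findings["sod_violation"].append((ident, tuple(sorted(pair))))
    return dict(findings)


def run_example():
    """Evaluate the constructed feeds as of 23 May 2023 (the article's date)."""
    return analyze(date(2023, 5, 23))


if __name__ == "__main__":
    for kind, items in run_example().items():
        print(kind, items)
```

Two points carry over to real deployments. The join between account and identity (the owner column here) is usually the weakest link and is exactly the data quality problem the article mentions; an account that cannot be attributed should be reported, not silently skipped. And a departed owner whose account shows a login after the departure date is a higher-priority finding than a merely dormant one, because it is evidence of continued use rather than just exposure.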

Additionally, the mash-up dashboards and reports that solutions such as Identity Analytics provide are excellent tools for analyzing and controlling the risk related to access rights and for surfacing unusual or atypical situations. Risk factors associated with an identity or access right can be identified and the right remediation undertaken, including revoking access rights, increasing the frequency of controls, or modifying a role assigned to a given identity.

Using Identity Analytics contributes to controlling and reducing the risk associated with identities and access rights, and offers a decision-support tool that makes any cybersecurity strategy easier to manage by focusing on the situations that generate the most critical risk.

By covering the full perimeter of identities and access rights present within an organization, Identity Analytics not only provides complete visibility of the scope of each granted access right but also detects abnormal behaviors and deviations using machine learning and risk-scoring analytics. IT systems must be assessed continuously to uncover anomalies and mitigate the associated risk before it is too late.

In Conclusion: Cybersecurity Risk Linked to Access Rights Is Everyone's Concern

As cyber threats and ransomware attacks continue to proliferate, organizations must take ever more precautions to counter them. At the same time, a paradigm shift is taking place. In the age of multi-cloud and big data, traditional cybersecurity models that treat the enterprise as a fortress are giving way to a Zero Trust posture, which eliminates the notion of implicit trust.

Theft of identities, logins and passwords has become commonplace, and the insider threat is real. Protecting identities and access rights must therefore be at the heart of an organization's concerns, and securing them well is crucial to preserving the integrity of its assets. The steps to get there are summarized below. Organizations must be able to:

  • Question the cybersecurity strategies currently applied to identities and access rights, and adjust them to both the evolution of threats and the complexity of their hybrid infrastructures
  • Adopt an approach that lets them identify and control identity and access rights risks
  • Implement a solution that lets them industrialize the execution of identity and access rights controls
  • Use analytics tools preventively, to identify any unusual situation that could pose a risk

With the integrity of an organization’s assets at stake, securing identities and access rights is the only way to face cyber threats head on.

We hope this blog series was informative and helped enlighten you about the best mode of prevention: monitoring access rights by using an effective and efficient identity analytics solution.

Be sure to join us at the upcoming Identiverse conference from May 30 through June 2 in Las Vegas, Nevada, and speak to our experts who can get you started on the way to solidifying your company’s cybersecurity strategy.


The Growing Threat of Ransomware and Cyber Risk: Sophisticated Approaches and Costly Impacts

May 17, 2023 / in Blog, Sebastien Faivre / by Josue Ochoa

Strengthening Cybersecurity Models to Counter Threat

One year after the start of the Russian-Ukrainian conflict, the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) continues to emphasize the cybersecurity recommendations it issued the previous year, in February 2022. The Shields Up campaign specifically raises awareness of the possibility of state-sponsored cyber-attacks targeting companies and other entities associated with the American aerospace and defense sectors.

In addition to the preventative measures that are put into place within entities themselves, the CISA launched the Ransomware Vulnerability Warning Pilot (RVWP) in March 2023. This is a program by which data sources, tools and other resources at the disposal of CISA can be shared and leveraged in order to fight back against ransomware attacks.

Ransomware attacks, as well as other means of catastrophically destabilizing and destroying a company’s information systems, are on the rise and becoming more and more dangerous. In this article, we will delve into some of the specifics of the risks relating to these attacks and what organizations can do to best protect themselves, their data and the longevity of their business activity.

Ransomware Attack: Definition and Mode of Operation

A ransomware attack is one type of cyber-attack an organization may face. In this scenario, an attacker takes control of the information systems and encrypts part or all of the data they contain, then demands a ransom to restore access. The demand is usually accompanied by a threat to disclose, damage or delete the data held hostage by the individual or group.

Although the attacker can use several methods, such as sending an email with a malicious attachment or luring users to a fraudulent website, the objective is always the same: break into the information systems and reach the company's key assets and resources. Once inside, the ransomware attack begins in earnest, using the organization's own accounts and potentially compromised identities. A ransomware attack is therefore always the consequence of a malicious intrusion followed by an exploitation phase carried out with one or more user or technical accounts holding sufficient privileges.

Dealing with the threat of ransomware cannot be reduced to equipping yourself with a good extended detection and response (XDR) or anti-virus system, however effective it may be.

Faced with the growing creativity of attackers, and with internal threats, which together account for the largest share of cyber risk, one key word sums up a company's responsibility in preventing cyber threats: readiness.

A Growing Threat with Sophisticated Approaches and Costly Impacts

Among the cyber threats identified, the risk of ransomware attacks remains high. In 2022, this type of attack was responsible for 11% of data breaches, compared with 7.8% in 2021, an increase of 41% in one year¹. Beyond this, the evolution of the tactics used by the perpetrators calls for great caution. Through increasingly sophisticated strategies and the targeting of less conspicuous accounts, ransomware attacks often go undetected, leaving attackers significant leeway to compromise all of an organization's resources in a very short time. The impact is considerable: beyond the disruption of its activity, a company's potential loss of credibility and reputation comes at a price, $4.54 million on average,¹ not counting the cost of a possible ransom.

In fact, ransomware attacks are a critical risk for organizations and require the deployment of optimal protection and security measures. Legacy anti-virus software, as useful as it may be in countering attacks, will not be sufficient in protecting an organization’s assets. With the increasing sophistication of attacks, new questions are emerging. How can the impact of a successful attack be minimized, and its risk anticipated? What are the vulnerabilities that could be exploited and how can they be identified?

Application Sprawl and Cloud Computing: Access Rights Security First

Other issues beyond the prevalence of ransomware have forced organizations to be more vigilant in their cybersecurity policies and posture, including the ever-increasing presence of data, assets and resources in the cloud. Over the last few years, more and more companies have moved to the cloud, sometimes precipitously, whether to capture new opportunities, optimize productivity, develop innovative capabilities, or meet the needs of remote employees. As a result, most of them now run hybrid and complex architectures.

While the move to the cloud is widely perceived as a step forward, it is not without risk. In 2022, 45% of all reported data breaches occurred in the cloud.¹ As data is stored, processed and managed via remote services, new issues around securing access rights are emerging, bringing with them associated strategies and controls.

Similarly, with the increase of the cloud’s presence in day-to-day operations, companies are seeing the number of applications used by departments and employees grow, both locally and in the cloud. Today, most departments have 40 to 60 tools each, with over 200 applications at the enterprise level. Large organizations have an average of 364 tools, while small businesses have an average portfolio of 242 applications.²

The explosion in the volume of data stored and the number of applications used, as well as the emergence of new uses with the advent of the cloud, represent a real challenge. How can access to all of a company’s resources be controlled while being scattered on both sides of the information systems, locally or in the cloud? At a time when potential attack surfaces are multiplying, what are the ways to know exactly who is accessing what resources at the scale of an organization and how this can be verified?

Human Error and Negligence: A Major Vector of Risk

In its 2022 report on the cost of insider threats worldwide, the Ponemon Institute reported that 56% of the incidents that occurred in the companies it surveyed were the direct result of employee or contractor negligence. The same report stated that insider incidents have jumped 44% in the past two years, and that the average annual cost per organization has increased by more than a third to $15.38 million. More than 1,500 of the total incidents reported by the organizations surveyed, or nearly 26%, were caused by malicious insiders, at an average cost of $648,062 per incident.³

While it is never pleasant for an organization to imagine that the threat could come from within, this is unfortunately a common occurrence, and measures must be deployed to protect against it. Session locking, for instance, is rudimentary and still not applied consistently across organizations, yet it is the first line of defense against the theft of logins and passwords, and by extension against identity theft. In the same way, while some people avoid public Wi-Fi networks altogether, others will happily take full advantage of remote work and use the often unsecured network of the local café or business to send emails to internal and external recipients. Awareness of the risks of such practices varies from one individual to another.

Mitigate Risk with Principles of Least Privilege and Identity Analytics

Weak endpoint security, failure to respect the security policies in force within a company, and failure to apply available updates and patches are equally concerning. While awareness and training on cyber risk are desirable and a strict internal security policy is necessary, they will never be enough on their own to mitigate this type of situation.

One way to balance this is to enforce the principle of least privilege as a means of reducing the attack surface. In general, access rights and permissions should be granted as sparingly as possible, and only when needed. Alongside least privilege, the need-to-know principle and segregation of duties policies help an organization monitor who has access to what and whether that access is legitimate, countering the risk that comes with employee and third-party negligence or malice.

In the third and final blog in this series, we will explore how to counter cyber threats by using an identity analytics tool that, at its root, provides a way to be sure that the right person has the right access to the right data at the right time. Until then, schedule a meeting with our team at the upcoming Identiverse conference, May 30 through June 2 in Las Vegas, Nevada; we would love to connect in person.

SOURCES:

  1. IBM and Ponemon Institute, Cost of a Data Breach Report 2022, https://www.ibm.com/reports/data-breach
  2. Productiv, The State of SaaS Sprawl, 2022, https://productiv.com/wp-content/uploads/2022/01/productiv-the-state-of-saas-sprawl-ebook.pdf
  3. Ponemon Institute (sponsored by Proofpoint), 2022 Cost of Insider Threats: Global Report, https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-fr-tr-the-cost-of-insider-threats-ponemon-report.pdf
  4. Ponemon Institute, A Crisis in Third-Party Remote Access Security Report, 2021, https://security.imprivata.com/wp-state-of-cybersecurity-third-party-remote-access-register.html

Using Identity Analytics to Fight Ransomware and other Cyber Threats

May 10, 2023 / in Blog, Sebastien Faivre / by Josue Ochoa

Cyber-Threat in 2023 and Beyond: Vigilance Is Still Required

One year after the start of the Russian-Ukrainian conflict, the Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) continues to stand by the cybersecurity recommendations it issued the previous year, in February 2022. The Shields Up campaign specifically raised awareness of the possibility of state-sponsored cyber-attacks targeting companies and other entities associated with the American aerospace and defense sectors.

Among its proactive measures, the Shields Up program strongly encourages every Chief Information Security Officer (CISO) to be empowered and included in any conversation or decision involving the cyber risk facing the company. It is then the CISO's responsibility to make everyone working for the organization aware of the importance of the security policies, processes and tools in place to keep the entity as protected as possible from intrusion.

The recommendations include creating a reporting system for notification and documentation of incidents and threats to inform members of the senior management team as well as government entities of the issues. The risk sensitivity should be heightened to a threshold that makes even the smallest incident worthy of reporting.

In the realm of cyber threats, nothing can be overlooked or ignored, no matter the perceived insignificance. 

Lastly, just as fire drills are practiced on premises in case of emergency, the same should be done for cyber incidents. A response plan should be written and rehearsed at all levels of the organization so that, in the event of an attack, precious time is not lost through unfamiliarity with the insider threat or breach protocol.

As a general rule, for the CISO and the organization they oversee, cyber threats and protective actions regarding breaches and incidents should be the top security priority for all.

Additional Cybersecurity Measures

In addition to the preventative measures put in place within entities themselves, CISA launched the Ransomware Vulnerability Warning Pilot (RVWP) in March 2023. Under this program, the data sources, tools and other resources at CISA's disposal are shared and leveraged to fight back against ransomware attacks. One component lets companies enroll in CISA's scanning services, which keep them aware of potential issues and notify them when a threat is perceived. For those who choose not to enroll, CISA can still identify vulnerabilities that would open them up to ransomware using public and commercial sources, and notify them.

The continuation of the Shields Up program and the launch of the RVWP send a clear message to U.S. and European organizations: this is not the time to relax, as the risk of cyber-attack remains high. Organizations must maintain a heightened level of vigilance to be prepared for and counter potential attacks.

Ransomware and other Cyber Risks: An overview

We have all heard the stories. A sophisticated hacker finds a way into a company’s information systems, traversing every security measure put into place and considered to be impenetrable by those in charge. Once this person is on the inside, he takes control of key elements within the systems and can either sabotage the data, assets and resources of the company, or he can do something much worse: demand a ransom in order for the company to be given back access to their assets once the ransom is paid. Mirroring the way high profile kidnappings work, instead of dealing with individuals, here are we are focused on the very heart and soul of an organization: its financial data, customer lists and intellectual property as well as any other proprietary information linked to their product offering. With that securely in the hands of a malicious entity, the company has no choice but to pay up or close shop.

While ransomware is most often the work of an individual or group outside of an organization, the other significant threat to a company's security posture is an attack by someone within the organization itself. This can be someone who has gained access to certain data, applications or other resources that allows them to manipulate the data for their own ends. This could include fraudulent financial activities as well as seizing control of and sabotaging key assets of the company.

Both ransomware and insider threats are closely associated with one pillar of the security strategy of a company: identity.

Identity refers to any type of access right, whether it be linked to an individual or a non-named account such as a service or technical account. Once an entity has access to an account, especially one with elevated privileges and permission to access highly sensitive tools and data, havoc can be wreaked quite easily throughout the organization. But one thing should be kept in mind: this can be either intentional or unintentional. There are, at times, human errors and mistakes that put a company in a precarious position without any intent on the part of the perpetrator.

For these reasons, monitoring and controlling the identities that have access to information systems is the first step in combating cyber risk. From threat assessment to best practices, monitoring identities and securing access rights is one of the key pillars of a security and risk strategy, and the best way to focus on access rights and permissions proactively and preventatively is by using an identity analytics software solution.

Identity Analytics Can Help Prevent Cybersecurity Risks 

Identity analytics is a true science of access rights, designed to help with the detection, measurement and reduction of risk related to data quality issues linked to access. A specially designed solution provides a full understanding of access rights, enabling the knowledge of who has access to what and to what extent. This clarity assists in making better decisions, which, in turn, helps with compliance with both internal and external security policies and guidelines.

Today, by focusing on identity as a key part of a cybersecurity strategy, the question of how to best protect an organization’s resources and those who use them is being asked again. For a long time, digital identity had been perceived as unchangeable and needed to be secured only once, especially when the authentication process had been reinforced. However, this thinking is outdated and new ways to view the role of identity with regards to cyber risk are being adopted.

With more and more access scenarios and the associated risks such as compromised systems, hacking and fraud, organizations must take an individual approach to them. Considering the context, each user identity has its own rights, responsibilities and risk profile. This calls into question several years of identity principles which reigned over the standard, rigid management process for all collaborators and players.

I encourage readers to learn more about how identity analytics can help any organization bolster its current cybersecurity policy and posture to prevent catastrophic events from infiltrating their digital fortress. The second and third blogs in this series will provide in-depth information about ransomware and other cyber threats, as well as the detailed methodology involving identity analytics that will stop these threats dead in their tracks.

In the meantime, schedule a meeting with our team at the upcoming Identiverse conference from May 30 through June 2 in Las Vegas, Nevada; we'll be happy to chat more with you in person.

Are Identities Part of the Attack Surface?

April 19, 2023/in Blog Tari Schreider/by Josue Ochoa

One of the most exploitable assets of an IT estate is the information and assets of users; however, identities are often omitted when an attack surface is defined. Organizations must stop thinking of identities only as something that controls access and start thinking of them as a top domain asset that is the entrée to an attack surface. One must remember that an asset is anything of value, and identities certainly qualify as assets.

The need to treat identities as exploitable components of an attack surface is grounded in threat research. Verizon’s 2022 Data Breach Investigations Report stated that the “human element” is the primary means of initial access in 82% of breaches. Regardless of whether social engineering or stolen credentials are used, the common denominator is that identities were used as the attack vector.

So we're on the same page: identity-based attacks are one of the more rapidly growing threats to organizations. These attacks won't decrease until we consider identities part of the attack surface. In other words, acknowledge the problem.

How Did Identities Get Left Behind the Attack Surface Bandwagon?

Answering this question requires a nuanced approach. For three decades, identities were only thought of as something to provision, control access, and report. The cybersecurity industrial complex followed the mantra of need-to-know and least privilege, seldom looking outside the box of identities as an attack vector.

The quest to solve identity risk principally as an access problem drove an onslaught of identity and access management (IAM), privileged access management (PAM), and identity governance and administration (IGA) solutions. While these products were integrated with Active Directory (AD) as their authoritative identity source, AD vulnerabilities were often ignored.

Why? Few focused on connecting the dots by mapping out an identity attack surface. For example, AD is a prime target of hackers. Still, performing an identity ecosystem risk assessment was often skipped in deference to classic product risk assessments focused on access control restrictions. These partial identity risk assessments opened the door for successful Kerberoasting, password spraying, LDAP reconnaissance, and other sophisticated attacks against identity infrastructures.

Proper defenses could have been deployed against many of these attacks if identities had been treated as part of the attack surface, with threats revealed by a proper risk assessment. In today's digital economy, identities are shared or federated everywhere, substantially expanding the identity attack surface. Lest we forget, hark back to the earlier pandemic days, with the scattering of identities to the world's four corners and the rapid adoption of cloud computing.

Are Identities the New Perimeter?

Today's network perimeter is gelatinous, following users as they travel, work at home, or exist within partner and vendor clouds. We have often thought endpoints defined the perimeter, but it is really the user, or their identity, that does. The construct of an endpoint changes too often and is easily manipulated by adversaries. One could say the same of identities; however, identity is the base essence of a trust model. The design of zero-trust architectures should begin at the identity level, not the device level.

The first barrier to overcome in addressing identities as the new perimeter is the poor quality of identity data. Identities can have many attributes shared and unique among different sources, and identities can morph over time, reflecting job status, roles, responsibilities, etc.

If there isn’t an identity fabric to weave these disparate identity attributes, the problem is exacerbated. Identity analytics is required to understand an identity attack surface. With user attributes spread across diverse data sources, including AD, LDAP, SQL, and APIs, piecing together an identity attack surface could take months, if not years.

Complex? Wait, it gets better. Decentralized identity, or DID, is going to change everything. DID is all about the sovereignty of one's identity: the individual owns and controls their identity. The implication is that additional layers of technology on the attack surface, including the distributed ledgers behind decentralized identities, will need to be controlled. Acknowledging identities as a gateway asset to an attack surface is gaining traction. This traction has led to the development of purpose-built products, including identity security posture management (ISPM), identity attack surface management (IDASM) and identity threat detection and response (ITDR), to save the day.

But can these types of solutions save the day? Maybe! Institutions will still need a centralized place to visualize and manage all their identity data. But they will need to model identities between data sources to define today’s expansive cloud-based identity attack surfaces. This data can be ingested by leading attack surface management solutions using rich, extensible APIs.

What’s Next?

I encourage owners of identity stores, enterprise architects, and CISOs to start an internal working group to define how to identify their organization's identity attack surface. This process begins with the inventory and centralization of identities and associated attributes across the IT estate and cloud ecosystem. Two essential technologies must be blended to ensure success: an identity fabric and an attack surface management platform. Why? Identities are assets, and an attack surface extends past identities. The objective is to acknowledge and integrate identities as an integral part of the attack surface, not treat them as a separate architectural access control exercise.

Questions or thoughts? You can get in touch with the Radiant Team, or follow Tari on LinkedIn for more industry insights. 

The Road to Identity-First Security: Identity Data & Observability

March 7, 2023/in Blog John Pritchard/by Josue Ochoa

Decentralization of Identity Data

As organizations move workloads out of the network and into the cloud, they are replacing traditional perimeter defense security techniques with a Zero Trust approach, bringing Identity to the forefront. Today, Identity and Access Management (IAM) teams are adopting numerous access control measures such as step-up authentication, privileged access management, least privilege provisioning, and fine-grained authorization to secure access to the network, resources, and applications. This growing number of controls adds defensive layers but also decentralizes decision-making across multiple policy enforcement points.

IAM strategies are changing from being completely centralized to having a combination of centralized policy management and governance, and decentralized policy enforcement. For example, an administrative policy can be executed by an Identity Governance and Administration (IGA) tool that manages entitlements, while a runtime policy can be executed by an access management tool that authorizes access to a resource.

Common to all policy engines is the need for identity data to evaluate every authentication and authorization decision. Getting the right identity data to the right places at the right time enables better risk-based access decisions. However, identity data itself is typically highly decentralized, existing in directories, databases, and SaaS applications across the enterprise. Differing user constituency requirements (employees, contractors, customers) and identity store deployments (on-prem and cloud) mean no single identity data repository exists.

While there have been notable advances in the areas of policy orchestration (employee, customer and IoT on-boarding journeys) and policy management (Open Policy Agent and fine-grained authorization), there has been much less focus on the role of policy information–the underlying identity data. When identity data issues occur—such as partial, inaccurate, or stale data, or even an unauthorized change—the impact can rapidly multiply and escalate in an environment with multiple policy decision points. These data incidents can have significant consequences and multiple negative repercussions from lack of trust to loss of revenue. A lack of visibility into data quality can also produce false positive indications or faulty insights, which can lead the organization to make poor decisions.

At the end of the day, every application and decision point wants to go to one place to get all the identity data it needs to perform its function in exactly the format, structure, schema, and protocol that it needs. A simple starting point is to integrate distributed identity data via a series of authoritative identity data pipelines, weaving together identity attributes into an Identity Data Fabric that is bi-directionally synced on a regular basis. Its purpose is to deliver accurate, flexible, reusable, and consistent identity data to policy engines across the entire IT landscape.

The Need for Identity Observability

Identity data pipelines alone do not equal good policy enforcement. High quality, governed policy information is essential for policy engine execution. You need the right data for the right decisions.

Identity Observability is the ability to assess the health and usage of all identity data within an organization regardless of where it is stored, and gain visibility into health indicators of the overall identity infrastructure.

By using a combination of attribute and schema changes with time-series analysis, an observer can interpret the health of datasets and pipelines, identifying risk areas that undermine policy engine execution. Identity Observability enables identity teams to set monitors and be alerted about data quality issues across the overall system. What is key here is the emphasis on quality in addition to uptime.

Why is this important? Because while your infrastructure may look fine and your identity data pipelines are operational, your underlying identity data may have changed in a way that changes the outcomes of your distributed policy engines. Thus, to ensure that the identity governance you are performing is accurate and valuable, you need to observe the data, the pipelines, and the infrastructure at the same time.

Within your Identity Data Fabric, you need to gather metadata attributes that allow you to assess data quality, namely timeliness, completeness, distribution, schema, and lineage. This can be described as data observability. Once aggregated, this data can be analyzed with advanced AI and ML processes to identify patterns, outliers, associations, remediations, and cross entity relationships previously hidden in the data.

Additionally, identity data pipelines that federate backend data sources need to be monitored for changes in volume, behavior, drift, and uptime. This can be described as pipeline observability.

Lastly, you need to monitor the underlying execution environment for compute, storage, and networking health and performance. This is infrastructure observability.

The main goals of Identity Observability are to minimize “time to insight,” which is the time to understand what is happening in the system and “time to resolve,” the time to resolve quality of service issues.

Identity Observability Metadata

Identity Observability relies on automated sourcing, identification, analysis, insight, logging and tracing of identity data, data pipelines and identity infrastructure to evaluate data quality and identify issues. To generate this type of end-to-end data observability, it is necessary to collect, record, and trace specific identity metadata throughout your environment:

  • Timeliness: Recording when identity data is created, updated, or deleted allows you to determine how current the data is and if it needs to be refreshed. In a highly distributed environment, it is common for data synchronization to occur in batch or within synchronization windows. Observing timeliness allows you to evaluate identity data as time series changes.  Ideally, when possible, identity data changes can be captured, analyzed, and applied in near real-time to ensure the most accurate policy decisions.
  • Completeness: Missing values indicate that no data value is stored for the attribute in an observation. Understanding incomplete data is important because missing values can add ambiguity and result in inaccurate decision making or complete process breakdown.  Observability provides the opportunity to not only identify critical gaps in data values, but potentially automate remediations.
  • Distribution:
    • Analyzing the distribution of identity data is a powerful data science technique to uncover unexpected changes and anomalies. Distribution refers to the shape of the data. It can be the frequency of a category, i.e., the number of occurrences, or the descriptive statistics of numerical values (average, mean, standard deviation).
    • Distribution metrics allow organizations to establish baselines from which change can be evaluated. Extreme variance in data can indicate accuracy concerns. Distribution measures can identify anomalies that may indicate an unexpected change in your data source or monitor for changes that fall outside an expected range.
  • Volume: Logging the amount of identity data that is transiting through pipelines allows you to define baselines and determine whether your identity data source generation is meeting expected thresholds or exhibiting anomalous behavior. Understanding the scale of the identity data at work in the environment provides insight into proper sizing of other components in the IAM and ZTA architecture.
  • Schema: Schema analysis monitors for changes in the underlying data structure. Numeric data suddenly represented as text data, or a flattening of hierarchical relationships will impact downstream clients. Combining schema change metadata with other observations such as volume, allows teams to evaluate the impact on dependent systems. Considering how many clients access a particular view (volume metric) that has had a data attribute change (schema) allows organizations to make informed decisions about impact and remediation.
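As an added example that is not Radiant Logic's or RadiantOne's code, the five observability dimensions listed above implemented as checks over two constructed snapshots of one identity pipeline, a baseline sync and the current sync (all records, attribute names, the "current time" and the thresholds are constructed assumptions):

```python
"""Identity observability checks: timeliness, completeness, distribution,
volume and schema, run over a constructed baseline snapshot and a constructed
current snapshot of the same identity pipeline (added example, not vendor code)."""
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import mean, pstdev

NOW = datetime(2023, 3, 7, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
REQUIRED = ("uid", "dept", "manager", "email")          # attributes policy engines need


def rec(uid, dept, manager, logins, updated, **extra):
    """Build one constructed identity record in the shape a pipeline might emit."""
    return {"uid": uid, "dept": dept, "manager": manager,
            "email": f"{uid}@example.test", "logins_30d": logins,
            "updated": updated, **extra}


# Constructed baseline snapshot (previous sync window).
BASELINE = [
    rec("u1", "eng", "u9", 18, "2023-03-06T09:00:00Z"),
    rec("u2", "eng", "u9", 22, "2023-03-06T09:00:00Z"),
    rec("u3", "fin", "u8", 20, "2023-03-06T09:00:00Z"),
    rec("u4", "hr", "u8", 19, "2023-03-06T09:00:00Z"),
    rec("u5", "fin", "u8", 21, "2023-03-06T09:00:00Z"),
]
# Constructed current snapshot: u2 is stale, u3 lost its manager, every dept
# became "eng", u3's login count exploded, u4's count arrived as text,
# u5 vanished and a new "title" attribute appeared.
CURRENT = [
    rec("u1", "eng", "u9", 17, "2023-03-07T09:00:00Z", title="SWE"),
    rec("u2", "eng", "u9", 21, "2023-02-20T09:00:00Z", title="SWE"),
    rec("u3", "eng", None, 90, "2023-03-07T09:00:00Z", title="Analyst"),
    rec("u4", "eng", "u8", "19", "2023-03-07T09:00:00Z", title="HRBP"),
]


def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def stale_records(records, now=NOW, max_age=timedelta(hours=48)):
    """Timeliness: uids whose last update is older than the sync window."""
    return [r["uid"] for r in records if now - parse_ts(r["updated"]) > max_age]


def missing_values(records, required=REQUIRED):
    """Completeness: map each required attribute to the uids lacking a value."""
    gaps = {}
    for r in records:
        for attr in required:
            if r.get(attr) in (None, ""):
                gaps.setdefault(attr, []).append(r["uid"])
    return gaps


def category_drift(baseline, current, attr, threshold=0.25):
    """Distribution (categorical): categories whose share moved more than threshold."""
    def shares(records):
        counts = Counter(r.get(attr) for r in records)
        return {k: v / len(records) for k, v in counts.items()}
    before, after = shares(baseline), shares(current)
    return {k: round(after.get(k, 0.0) - before.get(k, 0.0), 4)
            for k in set(before) | set(after)
            if abs(after.get(k, 0.0) - before.get(k, 0.0)) > threshold}


def numeric_outliers(baseline, current, attr, k=3.0):
    """Distribution (numeric): uids outside baseline mean +/- k * stdev.
    Non-numeric values are skipped here; schema_drift reports them."""
    ref = [r[attr] for r in baseline if isinstance(r.get(attr), (int, float))]
    centre, spread = mean(ref), pstdev(ref)
    return [r["uid"] for r in current
            if isinstance(r.get(attr), (int, float)) and abs(r[attr] - centre) > k * spread]


def volume_change(baseline, current, tolerance=0.10):
    """Volume: fractional change in record count, or None when within tolerance."""
    change = (len(current) - len(baseline)) / len(baseline)
    return round(change, 4) if abs(change) > tolerance else None


def schema_drift(baseline, current):
    """Schema: attributes added or removed, and attributes whose observed types changed."""
    def types(records):
        seen = {}
        for r in records:
            for attr, value in r.items():
                if value is not None:
                    seen.setdefault(attr, set()).add(type(value).__name__)
        return seen
    before, after = types(baseline), types(current)
    return {"added": sorted(set(after) - set(before)),
            "removed": sorted(set(before) - set(after)),
            "type_changes": {a: (sorted(before[a]), sorted(after[a]))
                             for a in set(before) & set(after) if before[a] != after[a]}}


def observe(baseline, current, now=NOW):
    """Run every check and return one findings report for a monitor to alert on."""
    return {"timeliness": stale_records(current, now),
            "completeness": missing_values(current),
            "distribution": {"dept": category_drift(baseline, current, "dept"),
                             "logins_30d": numeric_outliers(baseline, current, "logins_30d")},
            "volume": volume_change(baseline, current),
            "schema": schema_drift(baseline, current)}


if __name__ == "__main__":
    for dimension, finding in observe(BASELINE, CURRENT).items():
        print(f"{dimension:13} {finding}")
```

Each check returns a structure rather than a score, so a monitor can combine them the way the post suggests (for example, weighing a schema change by how many consumers the affected view has).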

Beyond Policy Engines, Data Observability is Important to AI/ML

Artificial intelligence (AI) and machine learning (ML) are potential game changers for securing the enterprise. The ability to infer risk based on behavior sets the stage for organizations to implement real-time and adaptive controls. AI/ML in IAM, however, is still very much in its infancy. The prevalence of false positives and the opaqueness of underlying risk engines have yielded skepticism. AI/ML depends upon data to feed its models. The reliability of that data, more so than the amount, can directly impact the success of those models. The issue is not more data, but better data. Even small-scale errors in training data can lead to large-scale errors in the output.

Although incomplete, inconsistent, or missing data can drastically reduce AI/ML prediction strength, timeliness metadata—more so than any other type of data—is the greatest concern in developing AI/ML models. A complete and accurate, yet stale, data set will lead to a prediction model trained to interpret behavior of the past. Implementing practices like Identity Observability dramatically improves the potential accuracy of AI/ML risk signals.

Next Steps

Zero Trust, Identity-first strategies are driving decentralized policy enforcement. Identity data engineering solutions like Identity Observability ensure policy engines have the right data for the right decisions. Even organizations at the beginning of an IGA initiative are well served addressing their data issues first and setting a solid foundation to serve dynamic runtime authorization.

So, what do you think? I encourage you to reach out and contact us; let us know what you envision your organization doing with Identity Observability in the future.

Artificial Intelligence and Identity and Access Management

March 6, 2023/in Blog The Radiant Team/by Josue Ochoa

AI-driven Identity and Access Management (IAM) refers to the utilization of Artificial Intelligence (AI) in managing user identities and controlling access privileges to critical resources within a company. It fills the need for cybersecurity solutions that monitor permissions and ensure the safety of sensitive information. By integrating AI-driven identity analytics with existing IAM solutions, organizations can greatly enhance the efficacy and value of their IAM investments.  

Across the enterprise, AI-driven IAM provides: 

  • Continuous user access visibility 
  • Real-time information 
  • Control 
  • Remediation 

With the expanding digital landscape, the demand for advanced cybersecurity solutions that provide robust control over access permissions while ensuring the safety of sensitive information is growing. AI-driven IAM analyzes large volumes of data and delivers real-time insights, enabling organizations to effectively manage user identities and control access privileges. This technology utilizes AI and machine learning capabilities to streamline identity management processes and enhance operational efficiency. By leveraging AI-driven IAM, organizations can ensure the safety of critical resources while reducing manual effort and improving overall security posture. 

Get Ready for Generative AI in IAM in 2024 

One significant aspect of AI-driven IAM is AI-driven Identity Governance and Administration (IGA), a cutting-edge approach that harnesses the power of artificial intelligence to oversee, evaluate, audit and govern identities and their access within an organization. By integrating AI into the IGA process, companies can leverage advanced analytics and machine learning capabilities to streamline identity management and simplify access controls.

AI-driven IAM and AI-driven IGA enable organizations to tackle the complexities associated with identity management and entitlement sprawl. With AI-driven IAM, processes can run autonomously and continuously adapt to changing user access patterns, reducing manual effort and increasing operational efficiency. AI-driven IGA ensures that user identities are effectively governed and access privileges are aligned with security policies. Leveraging AI within identity and access management processes helps organizations:

  • Elevate user experience 
  • Improve operational efficiency 
  • Ensure enhanced security 

By analyzing user behavior and detecting anomalies, generative AI helps counteract threats and security weaknesses. Its integration into IAM enables organizations to monitor access policies and identify possible internal threats, empowering them to take preemptive action against risks. The combination of generative AI and IAM enhances user experience, user identities, and overall security. 

AI Copilot for IAM 

To streamline complex IAM tasks and enhance user experience, organizations can rely on an IAM copilot. Powered by GenAI technology, an IAM copilot automates IAM tasks through natural language interactions. It offers a user-friendly experience and enhances efficiency in IAM operations. 

IAM copilot features require addressing factors such as: 

  • Security 
  • Privacy
  • Comprehension 
  • Reliability 
  • Scalability 

By integrating AI and machine learning capabilities, organizations can effectively manage user identities, control access privileges, and mitigate security risks. These AI-driven solutions enable organizations to adapt to the evolving digital landscape and ensure the safety of sensitive information.

With the increasing complexity of cybersecurity threats, the adoption of AI-driven IAM and related technologies is becoming essential for organizations to stay ahead in the ever-changing landscape of cybersecurity. 

One Step Ahead With AI-Driven IAM 

Additional research and development in the field of AI-driven IAM will further enhance its capabilities, making it an indispensable tool for organizations striving to strengthen their cybersecurity measures. Organizations that embrace these innovations will be better equipped to secure their data, maintain regulatory compliance, and protect against emerging threats in today’s digital age. 

This continuous evolution of AI-driven IAM will play a crucial role in keeping organizations safe and secure in the future. By constantly learning and adapting, AI-driven IAM has the potential to revolutionize identity management and access control, making it a key component of cybersecurity strategies worldwide. So, it is crucial for organizations to stay updated with the latest developments in AI-driven IAM and incorporate them into their security practices for optimal protection against cyber threats. 

In conclusion, the integration of AI in IAM has opened up new possibilities for organizations to enhance their cybersecurity measures and streamline identity management processes. From AI-driven IAM to generative AI for IAM and IAM copilot, these innovative solutions are continuously evolving and will play a crucial role in keeping organizations safe from cyber threats.

As we move towards a more digital future, embracing AI-driven IAM will be imperative for organizations to stay ahead and protect their valuable assets. So, it is crucial for companies to invest in these technologies and leverage their capabilities to achieve a strong and resilient security posture. 

The integration of AI in identity and access management empowers them to stay ahead in the evolving digital landscape while effectively managing user identities and controlling access privileges. The future of cybersecurity lies in the integration of AI with traditional IAM solutions, and those who embrace this approach will have a competitive advantage in the ever-changing digital landscape. 

Have You Identified Where Your Next Breach is Coming From?

November 10, 2022/in Blog Ken Jochims/by Josue Ochoa

Identity growth is expanding rapidly—humans and machines together are pushing the limits of existing identity management solutions and infrastructure. With no end in sight and with identities becoming an evolving threat vector, organizations need to take stock of how existing systems can be streamlined, limit risk exposure, and improve operations.

Read on to learn how Radiant Logic can help improve your risk posture, streamline identity operations, and make your finance team happy too—with results vetted by Forrester Consulting’s Total Economic Impact of Radiant Logic.

Where Did All These Identities Come From? 

The move to mobile devices, the drive to digitally transform all aspects of business, and the connection of everything from cars to toasters have dramatically increased the number of human and machine identities. This growth has increased organizational awareness of the need to secure these identities to allow legitimate users to access network resources securely and successfully. Unfortunately, bad actors have also tracked this growth and are using identity access as a threat vector.

As a result of the increase in human and machine identities, organizations have been challenged to keep these identities secure. As noted in the 2022 Trends in Securing Digital Identities report, 98% of these new identities are being driven by cloud adoption, third-party relationships, and machine identities.

As the number and complexity of identities organizations are required to manage and secure increases, so does the risk of identity-related breaches. Every improperly managed or secured identity increases the magnitude of the attack surface, enabling breaches across multiple fronts.

The High Cost of an Identity-Related Breach

The study also disclosed that shockingly 84% of businesses surveyed reported they suffered an identity-related breach in the past year. Identity-related security breaches are incredibly damaging to the business and employees or customers. Breaches wreak havoc and incur costs in a number of ways:

  • Company reputations are ruined
  • Breaches are the source of follow-on identity theft or other malicious activities
  • Public companies that experience a breach tend to see a 3.5% drop in stock value
  • Additionally, the annual Ponemon/IBM Cost of a Data Breach Report 2022 calculated the cost of an average breach at $4.35 million

Trusted Identity Data is Critical to Enabling Secure Access Control

Today's complex identity environments span legacy identity data, cloud sources and hybrid mixes of both. The only way to ensure identity-consuming applications can effectively manage access and governance tasks is to ensure they are provided with precise, timely identity data. Better known as trusted identity data, it is crucial to enabling an organization to enforce the necessary secure access control.

Unfortunately, the data attributes required to deliver trusted identity data must be dynamically assembled across complex identity stores. Get one attribute wrong out of hundreds or thousands, like a termination date, and you open your organization up to a breach. Compounding the problem are legacy data stores that are no longer supported, causing them to be insecure and unable to keep up with regulatory requirements.

What’s an Identity Data Fabric and how does it reduce breaches?

A proven way to reduce the risk of identity-related security breaches is to create an abstraction layer known as an Identity Data Fabric. Radiant Logic delivers a proven integration solution to connect disparate data sources across legacy, on-premises, and cloud infrastructures to provide real-time data simultaneously in the exact format, structure, and schema each consuming application requires.

Radiant Logic offers organizations a unified and continually updated source of identity data integration, management, use, and protection across applications and the entire IAM architect

Proving RadiantOne’s Impact on Security and Risk

Radiant Logic’s Identity Data Fabric delivers proven capabilities for a range of industries to help minimize their exposure to identity-related breaches. As detailed in a Forrester Total Economic Impact study, Radiant Logic enabled organizations to reduce data security breaches by 25%, saving millions of dollars in operational costs from breach-related expenses. Additional savings, not considered in these numbers, are costs related to brand and reputational damage or governmental fines.

A director of IAM interviewed for the survey told Forrester:

“The more identities our organization has to manage, store, and keep track of, the higher the risk of a data security breach. Radiant Logic has reduced this risk by allowing us to build out views and profiles and more effectively manage and monitor identities and their corresponding access to applications. Radiant Logic has allowed us to better control access, control accounts, and control the firewall rules that need to be open. Radiant Logic has enhanced our cybersecurity posture.”

How Technical Debt Hurts Security

Another critical factor in ensuring identity security is reducing technical debt, comprised of legacy infrastructure, maintenance of legacy systems, and cloud IAM service costs. Implementing Radiant Logic improves an organization's security posture and dramatically reduces those technical debt costs, by over $9 Million for the study's composite organization.

As another interviewee, a director of customer identity management, shared:

“With Radiant Logic, we have been able to take all of our applications along with their own corresponding security databases and consolidate them into one. We have moved all legacy applications and disparate security databases to one highly secure identity provider.”

Securing the Business and Saving the Budget

The most exciting takeaway from the Forrester study was the overall economics of how organizations can improve their security posture and provide an amazing return on investment. This blog focuses on how Radiant Logic can secure organizations while showing an economic justification to support its use. But, the study didn’t stop there; it provided cost benefits applicable across the entire identity infrastructure, saving a total of $20 Million for the composite organization. To find out more ways your organization can streamline identity operations, check out the Total Economic Impact of Radiant Logic or contact us for more information.


Technical Debt: A Scary Story to Tell in the Dark

October 31, 2022 | Blog | Lauren Selby | by Josue Ochoa

And how to send it back from whence it came!

Boo!

Last week, we were thrilled to announce the launch of Radiant Logic’s Total Economic Impact (TEI), a study that Forrester Consulting produced from extensive research into five long-standing Radiant Logic customers’ deployment of the RadiantOne Intelligent Identity Data Platform.

This study can be a helpful guide to more strategically invest as you look into your crystal ball and plan IT spend for the next year and beyond. Getting maximum value out of past and future identity investments, and slashing spending where you can, is key—and much more easily done with RadiantOne in the architecture.

Over the coming weeks we’ll be exploring some of the findings from the study in more depth. The study found six major areas of benefit to our customers:

  • Reduction in technical debt
  • Reduced risk of data security breach
  • Avoided labor costs
  • Operational efficiency gains
  • Cost savings from faster time-to-value
  • Reduction in audit and compliance costs

The most eye-popping outcome Forrester found was the reduction in technical debt that Radiant Logic customers can (grim) reap(er).

Budget-Sucking Identity Systems 

Large, complex organizations are often haunted by an accumulation of legacy infrastructure, Frankenstein-like identity systems, and tightly coupled services that are difficult to evolve or get out of, even long after they’ve become obsolete. Some zombies like ODSEE, eDirectory, etc. are so painful to replace that organizations maintain them for years after they should have been laid to rest. Other organizations think migrating to the cloud offers an escape—only to find that this move only adds to their debt, becoming another redundant silo of identity data that they have to support and pay for.

These systems are frighteningly expensive to own, not only in terms of licensing, but also due to maintenance and support fees, wasted time troubleshooting, and opportunity cost—all just to keep a decomposing system alive (it’s aliiiiiiiive!).

Don’t let these walking dead technologies eat your budget.

The Call is Coming from Inside the House!

Because so many organizations are dealing with labyrinthine cases of identity sprawl, causing:

  • Ineffective legacy architecture
  • Inaccessible data
  • Complex and inefficient IAM processes
  • Limited ability to work on strategic goals

…they often have a hard time with basic business tasks, like navigating mergers and acquisitions, getting new employees up and running, and deploying new applications.

Add to that repeated security breaches due to lack of visibility and control of identity, and many identity teams end up hating their identity management and directory services—and asking themselves why it won’t just DIE.

But there is hope, as evidenced by the TEI study. For the study, Forrester built a composite organization to represent a “typical” customer and the value they could expect from RadiantOne. This composite organization (a global organization with 200,000 internal identities and 5 million external identities) was able to realize $9.2 million in benefits from retiring technical debt alone.

[Figure: Radiant Logic reduces tech debt by $9.2M for a composite organization, from The Total Economic Impact of Radiant Logic, by Forrester Consulting]

Our real-life customers say it best. One customer interviewed for the study shared:

“Radiant Logic has allowed us to eliminate old technology and tools and services that were costly to maintain, yet ineffective.”

-Director of IAM in the healthcare industry

Be the Final Girl: RadiantOne to the Rescue

RadiantOne enables organizations to eviscerate technical debt and start taking advantage of modern approaches and technologies—from advanced security frameworks like Zero Trust Architecture (ZTA), to standards-based protocols, and cloud and hybrid architectures.

There’s a ripple effect from upleveling your identity infrastructure—it bleeds into areas like operational efficiency, job satisfaction, and of course, improved security posture.

Get the Bats out of the Belfry: Reduce Identity Complexity and Redundancy

Legacy solutions are one problem, but the complex processes and integrations that have evolved over time as workarounds are a whole other bag of tricks. Gut them both in one fell swoop by streamlining the architecture.

As another customer shared with Forrester Consulting:

“With Radiant Logic we have been able to consolidate directories into a single platform, and we have been able to decommission identity silos and all the operations and the tech stack that we built to keep that old architecture up and running.”

-Principal IAM architect

Pivot your IT spend (and labor and other resources!) away from maintenance and support to more impactful, business-aligned projects like enhancing customer experience, boosting productivity, avoiding regulatory compliance fees, and so on.

Wrapped up in tech debt, immobilized by layers of dependencies and vendor lock-in? We’ll help you de-mummify.

Ready for the Sequel: Maintain Flexibility and Control

Today, do you know how much of your organization’s IT hours are spent trying to reduce technical debt? It’s probably too many, and for too little return. RadiantOne can accelerate the pace, whether in the context of a directory modernization project, cloud migration, or any other identity-driven initiative where flexibility is crucial.

RadiantOne helps IT be a partner to the business by enabling transformation at a faster clip and lower cost. Consolidating identity functions into a flexible platform lets you keep what you like, lose what you don’t, and turn your attention to higher-level projects.

A senior IAM leader in healthcare told Forrester: “We wanted to address technical debt. Ever since we moved our data into Radiant Logic and started using it as the authoritative data store we have been able to eliminate a lot of complexity and redundancy and avoid other technology renewals.”

Whatever tech debt looks like in your organization, whether a nest of Active Directories you can’t touch, custom databases containing bits and pieces of people (fragmented identities), evil twins (duplicate accounts), or extra cloud IAM services, RadiantOne can help. Kill it with fire! And by fire I mean the Identity Data Fabric approach.

Don’t Go In There! Don’t Go Up Those Stairs!

Whatever you do, don’t split up. Don’t try to go it alone: the DIY route just causes more delays, more headaches, and wasted time and resources as projects limp along or don’t succeed at all. Identity data management is done better with the right set of tools (chainsaw, ax, identity correlation) specialized for the job at hand.

If you want to drive a stake through the heart of tech debt, keep in mind that our composite organization reduced legacy infrastructure costs by $3 million in one year ALONE. It’s looking grim for that dug-in directory of yours.

Happy tech debt hunting, and Happy Halloween!


What Could Your Organization Do With $20 Million?

October 25, 2022 | Blog | Deborah McGinn | by Josue Ochoa

The Total Economic Impact of RadiantOne

That’s a pretty bold statement to make, especially in today’s economic climate. But saving this much money from stretched IT budgets could go a long way. It could mean keeping new initiatives like cloud migrations or implementing Zero Trust moving forward. Not to mention how much smoother and faster upcoming mergers, acquisitions, or divestitures can be with Radiant Logic. And let’s face it, with recession talk increasing, these business priorities are only going to keep the pressure on IT teams to do more with less.

The results of our new Forrester Total Economic Impact™ (TEI) study could not be more timely. Based on feedback from longstanding customers, the financial model developed in this report demonstrated a six-month payback and a 239% ROI from organizations running the RadiantOne Intelligent Identity Data Platform.

In this report, Forrester’s consultants averaged the data from five Radiant Logic customers to create a composite organization. They then identified the benefits, risks, and outcomes customers experienced from using the RadiantOne Platform.

Here are some of their key findings:

  • $20.3M in total savings over three years
  • 239% ROI and payback within six months
  • $9.2M technical debt reduction
  • 25% reduction in the risk of data breaches
  • 80% operational efficiency boost

If you’re a skip-to-the-highlights kind of person, get the e-book here. If you’d like to read the full results, check out the complete study. Otherwise, keep reading and we’ll take a high-level look at some of the study’s key takeaways.

NEW: Now you can test the benefits of RadiantOne in your own organization with our ROI calculator.

Study Identifies Challenges of Inaccessible Identity Data 

The study starts by exploring some of the difficulties in modern identity management. Before using Radiant Logic, interviewees reported challenges working with legacy technology, complex architecture, data redundancy, and tools that provided limited support and flexibility.

“As our organization grew, we were not able to support a growing number of identities. The Active Directory technology we were using did not allow us to move as fast as we wanted.”

-A senior IAM leader at a healthcare company

The inability to access identity data was a recurring roadblock for new and strategic business goals, leading to ineffective repeated processes and high opportunity costs. Without the agility to respond to business needs—not to mention the challenge of hiring the right skills and talent to complete the IAM tasks—identity management leaders can find themselves having to delay or deny revenue-generating projects.

Reducing the Burden of Technical Debt 

Technical debt is an unavoidable reality for any large and complex enterprise, yet it stands in the way of modern initiatives like digital transformation and implementing Zero Trust. In addition, each year those aging systems become more and more costly to maintain, and the related skill set becomes even harder to find.

The Forrester TEI study found that by leveraging RadiantOne, organizations can decommission old technology, reduce complexity, and centralize identity functions. This resulted in $9 million saved for the composite organization.

Not only does this lead to savings in maintenance and troubleshooting costs, but interviewees also reported savings associated with cloud vendors who may inadvertently contribute to technical debt.

“Radiant Logic has allowed us to eliminate old technology and tools and services that were costly to maintain, yet ineffective.”

-Director of IAM

Technical debt is hidden within every large enterprise, and often flies under the radar until it impedes a new project. Try our calculator to understand what you can save by reducing the technical debt burden. 


Improved Cybersecurity Posture with Stronger Identity Data Management

Identity-related breaches are an unfortunate reality. In fact, a recent study from Gartner Peer Insights revealed that 67% of organizations have experienced such a breach in the last year. And the cost of these breaches is steep: Forrester estimates an average cost of $2.4 million per breach, to say nothing of the loss of brand reputation and customer trust.

The Forrester TEI study found that by using Radiant Logic to enable precise identity data, greater insight, and better control, the composite organization experienced a 25% reduction in the likelihood of a breach as it reduces its security exposure.

“Radiant Logic has allowed us to better control access, control accounts, and control the firewall rules that need to be open. Radiant Logic has enhanced our cybersecurity posture.”

-Director of IAM

How to Do More with Less: Improving Operational Efficiency 

We’re all familiar with the frustration that there’s never enough time or resources to do what needs to get done, and that feeling is amplified when your time is spent on inefficient tasks or maintaining outdated technology, all the while strategic projects get ignored.

According to the findings from the TEI study, with Radiant Logic, the interviewees’ organizations became more efficient and redeployed internal resources to higher value-added activities. They were able to automate manual tasks, simplify identity integration, and streamline processes, producing an operational efficiency boost of 80% in year 3. 

“Since we adopted Radiant Logic we have been able to decrease the time it takes to create an account and to fully provision an identity from over 48 hours to 8 hours.”

–IAM Lead

The study also found that the composite organization was able to avoid adding 10 additional FTEs every year because Radiant Logic enabled the existing team to scale up, accelerate development, and meet growth targets. That’s ten new staff that don’t have to be recruited, hired, and trained—a major win in today’s tight skills market.

Looking for all the details or the numbers behind the model? Check out the full study, or catch the webinar with Radiant Logic’s Chad McDonald and Ken Jochims, or contact us for a conversation on how RadiantOne could impact your organization.


It’s in the Playbook: Delivering the Master User Record for FICAM

September 23, 2022 | Blog | Anne Garwood | by Josue Ochoa

Radiant has long been involved in the world of FICAM, or “Federal Identity, Credential, and Access Management.” I spent some time this week exploring the General Services Administration’s excellent series of FICAM Playbooks, where they lay out the ICAM Architecture to help agencies facilitate best practices for government employees, contractors, and other authorized partners. According to the GSA:

“ICAM is the set of tools, policies, and systems that an agency uses to enable the right individual to access the right resource, at the right time, for the right reason in support of federal business objectives.”

To this end, one of the key use cases for federal enterprise identity is the unique representation of an employee, a contractor, or an enterprise user, which could be anything from a mission or business partner to some sort of device or technology (the IoTs have entered the chat…). In fact, OMB Memo 22-09 instructs that “agencies should have a plan to create and maintain a master user record of all agency users at the enterprise level.”

But how do you enable the right access for the right user at the right time, especially in complex environments built over successive waves of innovation? That requires a deeper understanding of your users and the data they engage with, to ensure appropriate access, while always safeguarding sensitive information. That means having access to as many attributes as possible to enable the smartest decisions about which users are allowed to see what data.

The stakes are high in the federal space and knowing as much as possible about every user is critically important to the country’s safety and security. After all, they’re not only ensuring appropriate access for administrators in beltway office buildings—they’re also enabling the tip of the spear, our fighting forces out in the world, along with all the smart sensors and solenoids that power our tanks, planes, and warships.

The Matter of the MUR 

When an agency onboards an employee or contractor, it collects identity information about that individual and stores those identity attributes as a digital proxy for their enterprise identity. According to the Identity Lifecycle Management Playbook, the Master User Record, or MUR, is a “unique representation of a user’s accounts, personas, attributes, entitlements, and credentials within an organization.”

Sounds great, right? But creating this rich representation for each and every user is much easier said than done. No man is an island and no identity is entirely stored in one easy-to-reach modern data store. In fact, I’ve heard tell that somewhere in the bowels of the Department of Defense, they’re still maintaining equine identity data from the first world war. The horses? Long dead. But their identity attributes live on, because decommissioning that ancient data might break a still-necessary application. (BTW: If this story is overstated or apocryphal, I’d rather not know, because the idea of ol’ Trigger and Bess living on via ones and zeroes absolutely delights me…)

In our digital age, successive waves of innovation have crested, crashed, and gone back out to sea, leaving an alphabet soup of once- and still-dominant data sources: LDAP, AD, Web Service APIs. But the rich data contained within these stores helps draw a vivid picture of each user, giving you greater insight—if you can figure out how best to harness it. For most sizable organizations, however, identity data is siloed across multiple stores and not available at scale for the rapid decisions that drive modern security across key initiatives, from access management to Zero Trust.

Overcoming Complexity: There’s a Better Way

To keep pace with today’s risks and innovations, today’s organizations need ways to enable granular vetting that happens much more frequently—and at a higher level. But in a world of identity sprawl and heavy IT debt, it’s long been difficult to deliver all the identity data you need, in whatever format each consuming application requires.

Data is scattered across disparate stores with uncertain accuracy, quality, or integrity. It is represented by different protocols, incompatible with other needed data, and not available at scale for fast, smart decisions; teams are overloaded and end users are frustrated. And here’s a hot tip: if you’re still architecting the data source for every initiative from scratch, you’re spending a ton of time and money on a fragile system that can’t be re-used.

The Unified Identity Data Foundation That Drives… Everything

You need a foundational layer that seamlessly unifies identity data across every source, transforming all that IT debt into a swift, scalable, easily consumable service that keeps your data secure and your end users happy.

Whether you know it as the Master User Record or something else, life’s a whole lot easier with a complete, well-vetted source of identity truth for your organization. One that’s unified across all your disparate attribute sources, so you can take advantage of all the richness within. One that gives you a global list of all your users, but also lets you go deep on each individual user with complete global profiles. One that’s always up-to-date and available, no matter what’s happening on the backend. Think of it this way: you can’t drive a car without the proper fuel—diesel in a gas tank will brick your engine—so we provide the curated identity attributes that make your identity data engine go.

From Virtual Directories to an Identity Data Fabric

Now, the playbook guidelines call for a virtual directory and we’re very proud that our founders invented that technology and we’ve spread the gospel of identity virtualization for years. But our dev team gets restless—antsy, even!—if they can’t innovate every day, so we’ve gone way beyond the virtual directory since then.

We’ve also partnered with many federal agencies over the years, so our RadiantOne Platform has a long history in the federal space. And the Identity Data Fabric we empower you to create is the foundational identity data unification layer across many agencies, speeding secure deployments and accelerating time-to-value.

RadiantOne empowers key identity-driven initiatives, anything that needs a curated, up-to-the-second view of identity, from all your IAM and IGA consuming applications to your Identity Fabric and Cybersecurity Mesh. We’re even part of the reference architecture for NIST’s NCCoE Zero Trust initiative. So when you see the words “Master User Record,” think Radiant. And when you need to secure key initiatives quickly, without doing months (or years!) of one-off hard coding, please reach out—we are here to help!
