sponsored

Authentication and IT Ecosystem: Leveraging Data from Multiple Sources

Look to the broader IT ecosystem for valuable data, additional insight that can dramatically improve your access decisions.

rsa bp article 8 istock 678755208 copy
iStock

Your immediate IT ecosystem is just one part of the broader IT ecosystem – and therefore just one source of information that can be used to authenticate identities and grant access to systems. From your threat detection system to your organization’s physical security systems, there are a variety of sources of data that can provide insights into identity assurance. When building out your identity assurance strategy, it’s worthwhile to look at the system management and security tools in the broader ecosystem and ask yourself: What information from these sources do I wish our identity system knew?

Here are a few examples of how you can apply data from a variety of sources for authentication and access purposes.

1.      Threat Detection – Including SIEM and CASB

We all know that identity assurance systems can feed log information to threat detection systems -- like Security Information and Event Management (SIEM) and Cloud Access Security Brokers (CASB) systems -- to help identify threats. In hand, SIEM and CASB systems can send threat alerts to identity assurance systems to step up authentication requirements. For example, when an alert is raised for a specific user, the identity system can adjust in response by requiring multi-factor authentication or, if the threat is significant, blocking access for the user until the threat is cleared. Similarly, if an alert is raised on a resource, anyone attempting access to that resource should be required to provide a higher level of assurance to get it. Again, in extreme cases, all access to a resource may need to be blocked.

The value of threat alerts from threat detection systems, whether raised on users or resources, lies in triggering the appropriate additional access security in real time. In addition to real-time threat information, many threat detection tools also offer additional risk analysis. This data should work with the risk analytics of the identity assurance system to raise or lower confidence in the user’s identity.

2.      Enterprise Mobility Management (EMM)

Mobile devices that are managed through a corporate EMM have a wealth of device data available for strengthening identity assurance. This device information can provide additional context for static rules, such as policies that foster easier access for users of corporate managed devices. It can also provide additional analytics insights to the identity risk engine.

3.      Physical Security Systems

Information about how people physically access buildings may not appear to have much of an impact on how they access digital information, but in reality, building access data can instill confidence that a user is who he or she claims to be. Integrating data from physical access systems into the identity risk engine extends identity insights. For example, if a user badges into an office in San Francisco and then, within a few minutes, attempts a login from London, that’s a clear signal to reassess the identity risk. Conversely, if the user enters the building he or she normally does and, following day-to-day patterns, accesses Office 365, that behavior is also worth considering in determining whether additional authentication is required.

Threat detection, EMM and physical security systems are by no means the only systems from which additional data about users can help feed behavioral recognition and static policy rules. By looking throughout your organization for systems that contain data to increase identity assurance, you can improve access security and, at the same time, reduce end-user friction. The important thing for your identity assurance strategy is not only having systems that contain these types of data, but also having real-time response capabilities in your identity system.

The message is simple and clear: Don’t overlook data from the broader IT ecosystem to help with ensuring secure, convenient access to resources. You can learn more about how RSA SecurID® Access is enabling access to the modern enterprise in this on-demand webinar.