If you\u2019re a fan of TV crime dramas, you\u2019ve no doubt seen one of those episodes where the bad guy gets away with something because the local police department doesn\u2019t have a key piece of information about him that the FBI does (or vice-versa). Meanwhile, there\u2019s usually a subplot going on at the same time, in which a perfectly innocent person is detained by the cops even though he didn\u2019t do anything wrong. Not only is he detained for no good reason, but by the time they figure it out and let him go on his way, the real criminal has done even more damage. If only they\u2019d had access to the data that would have placed the innocent party in another place at the time of the crime, they could have stopped wasting their (and his) time and focused instead on catching the actual bad guys.I don\u2019t know about you, but all this reminds me of today\u2019s identity and access challenges. You can have a robust identity and access management system with authentication capabilities that enable you to confidently distinguish legitimate users from cybercriminals\u2014but it would be even better if you could share different types of intelligence with other systems. This is the connected aspect of transforming secure access that I mentioned earlier while describing a path to modern authentication that\u2019s pervasive, connected and continuous.Just as authentication needs to be pervasive, in the sense of being everywhere users may be and everywhere applications may live, it also needs to be connected to every relevant system engaged in the mission to stop cybercrime. By connecting identity, threat and risk information across the IT infrastructure and business operations, security teams can be assured of having visibility into the information and intelligence they need to meet today\u2019s demands. Let\u2019s look at how identity and access management can connect with threat detection and response, as well as with GRC and risk management, to deliver the intelligence to transform secure access.Leveraging threat detection and response information for better access decisions (and vice-versa)By correlating identity and access information with threat and vulnerability data from the Security Operations Center (SOC), identity teams can respond proactively to require additional authentication when the potential user threat or application criticality warrants it. For example, when a threat detection and response solution detects suspicious activity from a user or device, that information can prompt the multi-factor authentication solution to confirm the user\u2019s identity, raising the level of assurance that they are who they claim to be.Similarly, the SOC team overseeing threat detection and response may become aware that a device is potentially compromised based on network traffic routed by a next-generation firewall. That awareness can be automatically shared with the identity team to prompt them to be on the alert for access attempts from that device, so additional authentication can be provided before access is granted.It\u2019s important to note that while additional authentication is required when the threat detection system provides context that warrants it, it\u2019s also not required when context points instead to a legitimate access attempt. In this way, the connected systems are working together not only to keep the bad guys out, but also to let the good guys in without undue inconvenience and delay. Using context in this way reduces the risk of a high rate of time-wasting false positives.Information-sharing between these two types of systems is a two-way street; in the other direction, sharing identity and authentication information with threat monitoring systems enables the latter\u2014 whether a security incident and event monitoring (SIEM) system, an endpoint detection solution or a next-generation firewall\u2014to spot, investigate and respond to credentials-based attacks faster.Connecting access management and identity governance with GRC to manage access riskJust as having more threat information can lead to better access decisions, having more information about the organization\u2019s risk posture can lead to better risk management by both identity teams and GRC teams. Authentication and identity governance solutions typically don\u2019t have insights into information about an organization\u2019s overall GRC controls and policies. But when they\u2019re connected with GRC systems, they can acquire more business context and risk information to manage access risk better. Consider these examples:Once an organization has used GRC to catalog information, quantify risks and create policies to address them, an identity governance solution can enforce those policies through access certification. The identity governance solution can specifically use application criticality data and data classification information from the GRC system to prioritize access decisions based on the most critical access violations.GRC data can also reveal when a targeted server or other asset contains sensitive HR information, valuable intellectual property or other critical data and alert the authentication solution to require a higher level of assurance that the user is who they claim to be.When a third party requests access to an application, the authentication system can detect if the request doesn\u2019t comply with established access policies and send that information back to the data governance solution to take another look at the third party\u2019s risk profile.Information-sharing is as much a two-way street when GRC systems are involved as when threat detection and response systems play a role: GRC systems can leverage access-related information to better understand the security risk an application presents, based on the number of orphaned accounts or entitlement anomalies associated with it, and then use that information to set risk management priorities.Those are just some of the ways sharing intelligence through connected systems can benefit identity, threat detection and GRC teams. Next time, we\u2019ll move from \u201cconnected\u201d to \u201ccontinuous,\u201d to take a close look at how pervasive and connected authentication results in continuous authentication, and to examine why this is more effective than a series of one-time events at the point of access. Together, the three characteristics of modern authentication\u2014pervasive, connected, continuous\u2014enable the secure access transformation that will make it possible to meet the security challenges posed by today\u2019s access environment.