From high technology to blunt force, the nature of potential threats and risk from both internal and external sources continues to expand, placing a spotlight on the need to implement new and improved security measures that cross existing security and operational platforms.
t would certainly make the most sense to base every security and operational decision on insights gleaned from historical data correlated with real-time information. However, the traditional approach to security has not functioned that way. Today’s alarm-based processes are primarily reactive in nature, enabling response to issues or events as or after they have occurred. Unfortunately, by that time any impact on an organization’s business, people, assets and/or reputation has already been felt.
Another drawback to the traditional approach is the high rate of false alarms – more than 95 percent by some counts – which ultimately condition operators and security staff to respond more slowly, believing the alarm most likely isn’t valid.
While there has been significant progress with integrating a variety of systems on the physical level to establish more robust security platforms, until now there has been little progress integrating critical operations systems like visitor management, HR, compliance and others. As a result, there have been a number of security breaches for which enough relevant data had been stored within multiple disparate systems and sources to warn of a possible risk; however, with no way to extrapolate actionable intelligence from that data, the risk went undetected until it was too late.
It is a major challenge faced by many organizations to simply collect and organize the vast quantity of security- and incident-related data, without beginning to consider the job of analyzing it and applying the resulting intelligence to make smart decisions. Until now, the amount of available data has proven too great for organizations to utilize properly, and without a comprehensive approach to collecting and analyzing all this data, organizations’ security processes begin to break down. As a result, potential opportunities to thwart or mitigate a negative event are missed.
Now automated physical identity and access management (PIAM) is altering this reality by tackling the most prominent security issues on an enterprise level. PIAM solutions are capable of extracting the most relevant information out of the virtual ocean of available data to deliver actionable intelligence. As more and more security and non-security devices and systems are being connected to networks, PIAM systems are making it easier to integrate these disparate sources to offer a cost-effective alternative to manage the various aspects of security and organizational operations that would otherwise be divided or siloed across different people departments and systems.
Offering a vast number of capabilities that can dramatically improve security and operations for various organizations, today’s PIAM software solutions have become the new science of security. With advances in software and processing power, these solutions are capable of delivering greater levels of intelligence and integration that go beyond the limitations of traditional reactive security models.
Given its potential to minimize or even avoid a potentially negative event, PIAM is a powerful and effective tool for improving an organization’s overall security. The true strengths of PIAM solutions are based on the complex emerging science of predictive analysis. This process focuses on analyzing the large quantities of metadata generated by disparate systems and devices across a network to identify statistical patterns and trends that provide correlation between elements. Using risk profiles based on policies and parameters predetermined by management, PIAM solutions analyze collected data to identify predictors, also known as indicators of compromise (IOCs). Often, this requires analyzing data over a longer timeframe – months or even years – to accurately uncover subtle relationships and factors that may never have been expected and that an organization may not have been able to discover without a predictive system.
The solution then uses these predictors to flag potential threats and proactively alert security staff, increasing the likelihood of averting or containing security incidents before they result in a loss. IOCs may include changes in access or behavioral patterns such as an individual entering a facility at unusual hours or locations, or attempting to access unauthorized areas. As an example, insider threat has become an increasingly prevalent concern, with some statistics suggesting it may account for as much as nearly half of all security breaches. In some cases, these breaches can be devastating, but can also be as simple as a frustrated sales rep downloading his or her contacts or an engineer taking proprietary code before leaving a company. Given the complex psychology that plays into these and other threats, it can be difficult to understand and predict potential problems.
This is where big data and predictive analysis come in, allowing security to analyze information and to look at patterns across a large number of employees using information from multiple systems and sources to deliver the actionable intelligence that enables organizations to identify potential threats in real time to apply better measures and take proactive action to guard against incidents or breaches that data suggests could potentially occur down the road. Unlike alarm-based processes, real-time predictive analysis is immune to false alarms, making the process unsusceptible to the human nature that causes people to ignore or respond slowly to alarms. Taking advantage of big data, predictive analysis transforms security from a reactive process that involves attempting to investigate in real time into a more proactive and effective process.
However, the intelligence generated by PIAM solutions equipped with predictive analysis capabilities is only as good as the available data. For that reason, when it comes to predictive analysis, the more data the more effective the solution will be, making integration with the widest possible range of disparate systems, both security and non-security, a necessity.
Another key element in the effectiveness of predictive analysis is for an organization to determine how to create metrics to measure against the goals it has set. To do this requires taking a hard look at the effectiveness of current security and operational policies, such as the number of visitors who enter a facility during specific time periods, how long it takes to process those visitors, or the duration of the process for new hires to receive access approval. Information generated from predictive analysis can help forecast where problems may arise or whether policy changes are needed. In many cases, the ability of PIAM to automate a range of time-consuming and error-prone manual processes might deliver the greatest ROI and business benefit.
In order for the science to deliver the most accurate and actionable intelligence, organizations have to ensure that their PIAM solution offers a broad range of integrations with disparate systems to provide the data required to identify predictors of potential threats, inefficiencies and other concerns. It is also incumbent upon organizations to determine exactly what they want to measure, which requires identifying goals and key factors that could influence them. This forms the basis for predictive analysis to identify those all-important IOCs.
While PIAM solutions excel at identifying and alerting security staff of the likelihood of possible threats, the same underlying science of predictive analysis can be applied to operations processes as well. The potentially significant business benefits these solutions are capable of delivering include increased efficiency and agility, better business alignment and improved reliability. More specifically, predictive analysis can enable better resource management, improved employee productivity, optimal staffing levels and higher service levels to the organization. It can even ensure compliance with company policy and industry or government regulations. Each of these factors raises the business value and ROI delivered by PIAM software beyond its basic – but critically important – mission of risk mitigation and prevention of incidents.
Automation is another hallmark of PIAM solutions, which can perform a wide variety of processes that would be time-consuming and prone to error if performed manually. This further contributes to improving operational efficiencies and reducing costs. These processes might include on- and off-boarding identities, establishing and implementing role-based physical access assignments across single or multiple systems, supporting regulatory governance and compliance, and conducting audits and generating reports.
As the industry and markets change, the science and technology behind PIAM solutions also continue to evolve to enable additional features – many of which further enhance predictive capabilities. One of the most impactful has been the advent of cloud-based services. While in the past, the advanced functionality of PIAM solutions may have been seen as unattainable for many smaller and mid-sized businesses and organizations, cloud-based software has made this a non-issue, reducing the expense of purchasing and deploying advanced PIAM and making solutions more accessible to SMBs. Like traditional on-premise solutions, cloud-based PIAM software also enables complex collaboration between a variety of identity types, including employees, contractors, third-party vendors, suppliers and others. These solutions also easily integrate with human resources, contractor management, physical and logical access control and other systems across the organization to deliver the same security, business and operational benefits as traditional software solutions.
By eliminating previous barriers to entry, robust cloud-based solutions can deliver the full functionality and effectiveness of PIAM on a monthly subscription basis that transforms software costs from capital expenditure to a predictable, budget-friendly operating expense.
The actionable intelligence PIAM solutions generate allows organizations of nearly all sizes to identify potential threats in real time and take proactive action to guard against incidents or breaches could potentially occur down the road. Taking advantage of the massive amount of data generated by an increasing number of networked security and non-security systems and devices, these solutions are transforming security from a reactive process to a more proactive and effective process. The ability to not only collect but to analyze all this data to identify connections that may not be obvious between data and events not only has the potential to increase security, but also allows organizations and their security departments to find novel applications for the resulting intelligence as part of their day-to-day operations, identifying potential opportunities to streamline and improve business processes. Given the capability to apply complex technologies to simplify, streamline and improve formerly inefficient and error-prone processes, it’s no wonder that today’s advanced PIAM solutions are bringing a new level of science to security.
About the Author:
Ajay Jain is President and CEO of Quantum Secure.
