Identity and access management has a significant role to play in enabling secure employee access to sensitive data and applications via cloud-based approaches, powerful portable devices, virtual data centers and tethered desktops. The problems for security teams go beyond traditional access control to include services for efficient configuration management of a wide range of devices, dynamically adapting data loss prevention policies to changes in business processes, and reducing the time required to identify potential disclosure incidents. Identities provide the common thread as users leverage diverse methods to do their jobs -- device and network path approaches are becoming too expensive for larger organizations.
IT security teams can investigate these three identity-oriented strategies for efficient security services beyond traditional access control.
Identity-based endpoint configuration management. Traditional device-centric policies burden IT with providing each user with approved applications for accessing corporate resources from desktops, laptops, iPads and smartphones. A device-centric approach also burdens the user, who must learn different application interfaces to perform the same job. A strategy built on user identities and roles lets IT offer a service of pre-configured application packages, based on virtual desktop and workspace concepts, for each supported device type.
Identity-based data protection. One problem with data leakage protection strategies is that they tend to be so focused on analyzing each transaction for intellectual property and user access rights that they entirely miss thefts of bulk data by authorized users. Identity-based data protection policies analyze deviations in a user's activity and dynamically compare the user with peers in similar roles to alert IT to a possible theft incident. DLP products that use identity-based policies can help detect abuses of access privileges that increase the risk of a disclosure incident, while transparently accommodating changes to data access requirements.
Identity-based event logging. Most security investigations of data theft incidents start by tracking log entries by device address before moving to applications and then to users. While this approach holds devices accountable, it makes it harder to rapidly identify inappropriate user behavior that could lead to a disclosure event, and to differentiate illegitimate infrastructure activity from legitimate business actions.
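The two ideas above, pivoting logs by authenticated user rather than by device address, and comparing a user's data movement against peers in the same role, can be shown together in a small script. This is an added example, not code from the article or from any product; the log lines are constructed, the role directory is an assumed stand-in for an identity provider feed, and the median/MAD threshold of 3 and the minimum of three peers per role are assumptions chosen for illustration.

```python
"""Identity-keyed log pivot plus peer-group deviation check (added example)."""
import re
import statistics
from collections import defaultdict

# Constructed sample log lines (not from a real system): timestamp, source
# address, authenticated user, action and bytes transferred.
SAMPLE_LOG = """\
2024-03-01T09:02:11Z src=10.0.4.21 user=alice action=download bytes=120000
2024-03-01T09:15:40Z src=10.0.4.21 user=alice action=download bytes=95000
2024-03-01T09:20:05Z src=10.0.7.88 user=alice action=download bytes=110000
2024-03-01T09:31:52Z src=10.0.4.30 user=bob action=download bytes=130000
2024-03-01T10:02:19Z src=10.0.4.30 user=bob action=view bytes=4000
2024-03-01T10:44:07Z src=10.0.5.12 user=carol action=download bytes=105000
2024-03-01T11:12:33Z src=10.0.5.12 user=carol action=download bytes=98000
2024-03-01T11:58:49Z src=10.0.9.2 user=dave action=download bytes=6500000
2024-03-01T12:03:15Z src=10.0.9.2 user=dave action=download bytes=7100000
2024-03-01T12:40:00Z src=10.0.6.77 user=erin action=view bytes=2000
"""

# Assumed role directory; in practice this comes from the IdP or HR feed.
ROLES = {"alice": "analyst", "bob": "analyst", "carol": "analyst",
         "dave": "analyst", "erin": "finance"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) bytes=(?P<bytes>\d+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["bytes"] = int(ev["bytes"])
            events.append(ev)
    return events


def pivot_by_user(events):
    """Identity-based view: for each user, the devices used and bytes downloaded."""
    summary = defaultdict(lambda: {"sources": set(), "downloaded": 0, "events": 0})
    for ev in events:
        s = summary[ev["user"]]
        s["sources"].add(ev["src"])
        s["events"] += 1
        if ev["action"] == "download":
            s["downloaded"] += ev["bytes"]
    return dict(summary)


def peer_outliers(summary, roles, factor=3.0, min_peers=3):
    """Flag users whose download volume deviates from their role peers.

    Median and median absolute deviation (MAD) are used because they are
    robust to the very outlier being looked for. The factor and the minimum
    peer count are assumptions, not values from the article.
    """
    by_role = defaultdict(list)
    for user, stats in summary.items():
        by_role[roles.get(user, "unknown")].append((user, stats["downloaded"]))
    flagged = {}
    for role, members in by_role.items():
        if len(members) < min_peers:
            continue  # too few peers to form a meaningful baseline
        volumes = [v for _, v in members]
        med = statistics.median(volumes)
        mad = statistics.median(abs(v - med) for v in volumes)
        for user, vol in members:
            if mad:
                score = abs(vol - med) / mad
            else:  # all peers identical: any difference at all stands out
                score = float("inf") if vol != med else 0.0
            if score > factor:
                flagged[user] = {"role": role, "volume": vol,
                                 "peer_median": med, "score": round(score, 1)}
    return flagged


if __name__ == "__main__":
    summary = pivot_by_user(parse_log(SAMPLE_LOG))
    for user, s in sorted(summary.items()):
        print(f"{user:6} devices={sorted(s['sources'])} downloaded={s['downloaded']}")
    print("peer outliers:", peer_outliers(summary, ROLES))
```

Keying the pivot on the authenticated user means alice's three downloads from two different addresses are counted as one person's activity, which a device-address view would split. The peer comparison then surfaces dave, whose volume sits far outside the analyst group's median, while erin is not scored at all because a single-member role gives no baseline.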
One of the challenges facing security organizations is to be recognized as helping users do their jobs safely, rather than perceived as overseers zealously restricting user activity. While using authenticated identities to control access is clearly important, there are opportunities to extend security services based on identity knowledge to enhance employee productivity. These include automating compliant configurations based on business need, intelligently choosing optimal and secure application delivery options, and deploying insightful data access and auditing policies.
Eric Ogren is a security analyst at the Ogren Group.