Published on February 24, 2016
My life has changed dramatically in the last year in many ways. Professionally, that change has reached the one year milestone this week as a proud member of the Securonix team. In this time as the Chief Architect, I have been responsible for architecture standards, security hardening, sizing and capacity planning, as well as Big Data strategy and product direction. On that note, for those who will be at RSA: Join us for the launch party of SNYPR March 1, 2016 in San Francisco.
Now, more on my personal journey and changes to my perspective in the last year, and why the move to Securonix a year ago was the right one for me. I have been an Enterprise Security Architect for a long time, with deep roots in Identity and Access Management solutions. This expertise allowed me to focus on the identification and access controls for users and work with organizations to ensure that users accessing applications and data are appropriate and that a consistent audit trail is available. After more than 15 years with that focus professionally, I now realize that while that is critical and foundational, there is much more value to be associated with looking deeper into not just ensuring that appropriate access controls are in place, but also that appropriate use of that access is monitored and managed. This change has been so dramatic that I need to rethink the song that I have related to the most in my life. For the past 30 years, ever since I was challenged by my Composition teacher, Mr. Neuman, in high school with an assignment to write about the greatest song of all time, I have felt a close association with “Who Are You” by The Who. Now I need a new song, because I realize that that simple question is just not sufficient anymore…
Who Are You?
One of the basic premises of security requires knowledge of who you are allowing access to something you are protecting. Whether the user is an employee that exists in an HR system, the user is an external user who created a relationship through a registration process, or an alternate enrollment process was performed, the process of managing the lifecycle of a user is foundational to providing access to protected services.
Knowing who the user is, of course, is just the beginning. More on that later. (The inline quotes are lyrics from “Who Are You?”.)
Who Are You? Who? Who? Who? Who?
Asking Who Are You? happens regularly as users access applications. Each application has its own way of doing so. It may be direct authentication of the user with a username and password, multi-factor authentication (or other types of credentials), integration with a single sign-on solution, or federation. Once the user is identified, their entitlements (group or role membership, permissions within the application, etc.) are obtained and then authorization decisions can be made by the application to control what the user can do within the application.
Well Who Are You? I really want to know.
The above is an overview of why an Identity and Access Management (IAM) solution should be used to automate the process of managing users, their accounts, and the entitlements that they have access to. This may sound obvious, and many of us have spent a large part of our careers working to improve the way that organizations optimize this process. Technologies, products and solutions like NIS, LDAP, meta directories, access management, federation, user provisioning, role management, user certification, and other products have emerged and matured to assist organizations in managing user access. As a security architect, I always advise that the business processes for user and account management as well as access management be standardized, and centralized wherever possible to ensure consistency in applying security policies.
Come on tell me who are you. Cause I really want to know.
Standardization and incremental improvements to the User Lifecycle Management processes, to enforce strong authentication and password policies and to prevent rogue accounts and orphaned accounts, are effective ways to improve the overall security posture. Process improvements in automating account creation, role assignment and reassignment based on job codes or other criteria are cost-effective. Enabling user self-service and standardized access request processes with workflow and auditing of how users obtained access are common practices.
All organizations that adopt an Identity and Access Management solution go through a maturity process and typically take a phased approach to incrementally adding IAM capabilities and value to the organization.
Tell Me who are you.
While it is important to answer this question, going deeper provides business value and insight that is exponentially more valuable than process automation and improvement in ensuring consistent security standards. By understanding what users, computers, and networks are doing, and applying advanced behavioral analytics, it is possible to identify potential security incidents that are being conducted, or to prevent an ongoing attack by understanding the Threat Chain. Over the course of the last 8 years, my colleagues, Sachin Nayar and Tanuj Gulati, have not only realized this before others, but have founded Securonix and pioneered the creation of a new space, called User and Entity Behavior Analytics. As the pioneers in this space, the maturity of the Securonix products is obvious and the successful customers using the solution for Insider Threat programs and Cyber Security programs are impressive.
So with this change in perspective, I need a new song to relate to since knowing “Who Are You” is no longer enough to capture behavior. As I ponder that, the first candidate that came to mind was “What’s Up” by 4 Non Blondes. It does not really fit, but I like the chorus, assuming you know who someone or something is that is generating activity: “And I say, hey hey hey hey I said hey, what’s going on?” That could signify trying to understand the activity events associated with entities in detail for patterns and anomalies. OK, so I am reaching a bit and I will have to keep searching for a new song, but one thing is clear for me: Security Analytics is the future.