How to Use Identity Intelligence to Identify the Good and Bad within Your Organization

How to Use Identity Intelligence to Identify the Good and Bad within Your Organization

Identity intelligence must-have.

Security professionals, just like business professionals, need to do a better job at leveraging the data available to them to make the best decisions possible. In business terms, this is considered Business Intelligence and it is all about effectively translating the wealth of data produced throughout the business into meaningful and useful information. In security, the “identity” is truly the key to all things good and bad in our profession. Identities make the business operate and they can also help us secure the environment, but improper identity management can also wreak havoc on our lives.

To begin with, it is critical that information security professionals identify and understand all aspects of identity data available throughout their environment. If you are unaware of the data available to you, it is impossible to properly analyze and decipher that data to effectively understand the identity landscape. The core directories provide an excellent starting point for understanding your identity data. Even if an identity and access management solution is not in place, the directories still hold critical information that can be used to improve security.

Think about it, the directories used for authentication and authorizations are at the heart of most audit concerns, so there is no excuse to let them control you. Basic read-only access that is available to a standard user often provides a great deal of information such as:

  • Active accounts
  • Disabled accounts
  • Account policy information (i.e. settings such as no password required, password does not expire, etc.)
  • Last password change date
  • Organizational information
  • Group memberships
  • and much more…

Just investigating this information alone can provide value, but combine this base information with data available from your other identity management software solutions and applications, and the power of identity intelligence grows exponentially. For instance, a simple request to HR to obtain a feed of active employees can help you determine if terminated employees still have active accounts in your systems. All you need to do is execute a query to compare the HR employment status field against your active/inactive accounts, and you have the information needed to help you clean rogue accounts.

Taking things a step further, you could pull current authorizations from your desired systems, and join it with position-related data present in your directories for role mining purposes. If Bill and Bob are both Accountants who perform the same duties, they should have similar authorizations across your systems. This effort could help you define a role for accountants, but it can also help you weed out excessive access for users who may have accumulated access over time as they changed positions.

Your identity and access management solution should help expand your identity intelligence capabilities as well. Real-time analysis of identity data and corresponding access requests can help prevent problems before they occur by detecting inappropriate or high-risk requests. Even if this process is not fully automated, the data can at least be made available to the requester to help them make the right decision. Similar capabilities should exist in access governance software solutions so that approvers have all the information available to make the appropriate access certification decisions.

Hopefully, you will embrace identity intelligence going forward as it can dramatically improve security throughout your organization. More importantly, make it a point to pursue security solutions (such as identity and access management software) that integrate identity intelligence in such a way that security administrators and business users alike are provided the information they need.

Follow Avatier Chief Innovation Officer and Chief Information Security Officer, Ryan Ward, on Twitter at

Watch the Avatier Identity Analyzer Product Introduction video:


Get Your Free Top 10 Identity Management Best Practices

Learn the Top 10 Identity Management Best Practices for successful Identity and Access Management (IAM) implementations. Use this Identity Management planning guide to sidestep the challenges that typically derail IAM projects.

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts.Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).