At the crux of every cybersecurity strategy is an identity data management challenge: How much information does an agency need to verify the identity of an individual requesting access to network resources? As it turns out, a lot.
The problem is that edge computing — in which data is being aggregated, accessed or processed outside the network perimeter — is leaving data exposed to cyber criminals who see an opportunity to make money through ransomware schemes.
To understand the risks posed by an individual, you need to assess a wide array of identity data: not just their credentials (i.e., user name, password) but also their behaviors and their relationships with other users or systems. The second part of the challenge is to capture all of that information and to make it available to a wide variety of applications and systems in real time.
The solution is an Intelligent Identity Data Platform, said Wade Ellery, Vice President of Solutions Architects and Senior Technical Evangelist at Radiant Logic, which provides a platform that spans on-premises and cloud environments.
“An Intelligent Identity Data Platform provides one place to get everything I need to answer all questions I have about managing identity, access, authentication, authorization,” Ellery said.
Assessing Risk in Real Time
To understand the need for an Intelligent Identity Data Platform, consider two scenarios. In the first, a user logs into an application from her office at 2 p.m. each day. She will be considered a low risk, based on three factors: her credentials, her usage patterns and location data.
In the second scenario, this same user logs into the application from her office but at 2 a.m. The aberration in her routine (i.e., usage pattern) raises a red flag, as would a change in her location. Even this simple use case requires an agency to have a holistic picture of an end-user, which is not possible without a central platform.
The challenge of managing identity data has grown more complex with the emergence of hybrid and multi-cloud environments.
Critical information is siloed in diverse stores and applications, from on-premises systems to different clouds like AWS, Azure, and Google, so what you know about a user is often scattered throughout these disparate systems with no easy way to retrieve and reconcile the data.
An Intelligent Identity Data Platform makes it possible to integrate that information both to develop a fuller understanding of each user and to enforce access policies consistently across different platforms.
Enabling Zero Trust
The capabilities of an Intelligent Identity Data Platform are essential to the concept of zero-trust security, Ellery said. Rather than basing access management on user credentials alone, “I’m going to continuously evaluate your request against everything I know about you in real time, and make a decision on whether you can gain access to another resource,” he said.
Radiant Logic’s RadiantOne Intelligent Identity Data Platform is the standard identity enablement foundation for many federal and defense agencies, including the Army, Navy, the Department of Homeland Security and the Defense Information Systems Agency.
This article is an excerpt from GovLoop’s guide, “Conversations With CXOs: Your Crash Course on the Future of Gov.”