Risk Based Identity Governance Ken Willén, Senior System Engineer NetIQ


Risk Based Identity Governance

Ken Willén, Senior System Engineer NetIQ

© 2014 NetIQ Corporation and its affiliates. All Rights Reserved.

• Identity governance is often a time-consuming necessity whose business value can be hard to prove

• With Risk Based Governance, the required re-certifications are based on the risk the different entitlements pose to the business and on the employees' actual use or misuse of them

All types of attacks misuse Identities!

• Insider attacks

• Accidental disclosures

• Hackers

• Advanced Persistent Threats

Identity is the key

Focus on the basics: Identity, Access & Security together

• Enforce access controls

• Monitor user activity

• Minimize rights

Minimize rights - Re-Certification

The Burden of Re-certification

• Cost: Static re-certification schema:

– Re-certification of users with no change

• Security: Re-certification according to potential risk

– Re-certification schema does not follow increased/decreased actual company risk

– Re-certification is done with no insight into real use or potential misuse of entitlements

– Too many re-certifications lead to bulk execution

Risk Based Re-Certification - Identity, Access and Security Together

• Has he logged on to the application in the last 6 months?

• Does he show suspicious behavior on high-risk applications?

• Have his entitlements changed since the last full review?

Context Enrichment

Summary

• Identities pose a threat to our business

• Re-certification can minimize risk - but is costly

• Risk Based Re-certification improves security and reduces costs
