Intelligent Identity Governance & Administration (IGA)


December 15, 2021

The 2020 global pandemic forced organizations to accommodate a sudden, massive spike in remote work, business and communications. Many companies have found their identity and access management (IAM) systems cannot keep up with today’s highly complex and demanding identity landscape, which includes:

  • Sharp increases in identity counts. 83% of security and identity professionals recently surveyed said both human and machine identities increased in 2020; 1 in 5 said identities increased by at least 25%.¹
  • Significantly increased security exposures. The same survey found “inadequately managed privileges” was the second highest cause of identity-related breaches. 93% of those surveyed believed their breaches could have been avoided or at least minimized with proper identity-related processes.
  • Lack of autonomous identity processes. For identity-related processes to be effective, they must be automated; automation, however, remains elusive. For example, only 39% said their organizations continuously discover user access rights. 1 in 5 also said that identity projects had failed in the past.²

A new approach to Identity Governance and Administration (IGA) is required. IGA is the single most critical IAM solution for providing proper visibility and control over access privileges and ensuring conformity with business policies. Traditional IGA solutions tend to rely on role-based access control (RBAC) models, yet they must also deal with ad-hoc access requests and ever-evolving identity and access rules. This makes them very difficult and error-prone to audit and maintain, leaving administrators with “identity fatigue”.

Katana Graph™ provides graph-driven AI for intelligent Identity Governance and Administration (IGA), for real-time, autonomous identity and access management at scale, to help prevent identity breaches and minimize costly manual administration.

Chart: Intelligent Identity

Katana Graph enables AI-driven role mining—the most essential component of a modern, intelligent IGA solution.

Unlike traditional IGA, a modern, intelligent IGA solution applies role mining to discover existing access patterns and extract IT roles from them. Role mapping and reconciliation techniques are then used to map the discovered IT roles back to the corresponding business roles. This process is highly resource-intensive, as it must be performed on an ongoing basis to keep up with the constant, dynamic evolution of identity and access permissions. Katana Graph autonomously enables graph AI role mining to identify, audit and optimize role-based access controls without manual administration.

Chart: User Entitlement

Role mining can be represented as a graph theory problem in which nodes represent users and entitlements, and edges represent permission assignments (see Input section of image above). The role mining problem can then be defined as finding the minimum biclique cover: a minimal set of bicliques (groups of users that all hold the same group of entitlements) whose edges together cover every permission assignment in the graph.

Katana Graph consolidates and renders business rules, personnel data, user entitlements and group user permission assignments into its in-memory resilient distributed graph database. This unified data is then analyzed to identify meaningful access roles (see Output section of image above), for autonomous, ongoing reconciliation with your original IAM system, ensuring it remains constantly consistent, flexible and auditable.
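The biclique-cover formulation above can be illustrated with a small greedy heuristic. This is an added example, not Katana Graph's code or algorithm: the function names and the user and entitlement data are constructed for illustration, and because the exact minimum cover is NP-hard to compute, the result is a valid cover rather than a guaranteed minimum.

```python
from itertools import combinations

def mine_roles(assignments):
    """Greedy biclique cover of a user -> entitlements mapping (hypothetical helper).

    Returns a list of (users, entitlements) roles. Every role is a biclique:
    each listed user already holds each listed entitlement, so applying the
    roles never grants access that was absent from the input.
    """
    perms = {u: frozenset(e) for u, e in assignments.items()}
    uncovered = {(u, e) for u, ents in perms.items() for e in ents}
    # Candidate entitlement sets: each user's set plus all pairwise intersections.
    candidates = set(perms.values())
    candidates |= {a & b for a, b in combinations(perms.values(), 2)}
    candidates.discard(frozenset())
    roles = []
    while uncovered:
        best = None
        for ents in sorted(candidates, key=sorted):  # deterministic tie-breaking
            # Users holding every entitlement in the candidate form a biclique.
            users = frozenset(u for u, p in perms.items() if ents <= p)
            gain = sum((u, e) in uncovered for u in users for e in ents)
            if best is None or gain > best[0]:
                best = (gain, users, ents)
        _, users, ents = best
        roles.append((users, ents))
        uncovered -= {(u, e) for u in users for e in ents}
    return roles

def covered_edges(roles):
    """Expand roles back into individual (user, entitlement) assignments."""
    return {(u, e) for users, ents in roles for u in users for e in ents}

# Constructed sample input: 5 users, 13 direct permission assignments.
ASSIGNMENTS = {
    "alice": {"git.read", "git.write", "ci.deploy"},
    "bob":   {"git.read", "git.write"},
    "carol": {"git.read", "git.write", "ci.deploy"},
    "dave":  {"git.read", "hr.view"},
    "erin":  {"git.read", "hr.view", "hr.edit"},
}

if __name__ == "__main__":
    for users, ents in mine_roles(ASSIGNMENTS):
        print(sorted(users), "->", sorted(ents))
```

Comparing `covered_edges(mine_roles(...))` with the original assignments is the audit check that matters: equality means the mined roles reproduce existing access exactly, with no entitlement silently added or dropped.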

  1. 2021 Trends in Securing Digital Identities: A Survey of IT Security and Identity Professionals, Identity Defined Security Alliance.
  2. Identity Security: A Work in Progress, Identity Defined Security Alliance.