The need for Identity Intelligence tools and models comes with the awareness, developed in recent years, that an Identity Management system used for the sole purpose of automating the user account management, exploits its possibilities only in part. In recent years the ‘Identity Management solutions are increasingly seen as tools addressed to securitygovernance, tools used increase security, tools used to meet the compliance requirements that organizations must meet in order to satisfy regulatory constraints, to obtain certifications and to satisfy internal and external audit.
The assumption to the adoption of an Identity Intelligence solution is that “you cannot manage what you cannot measure”. In order to properly manage user accounts and identities, you must first be able to get to know them in detail.
Identity management (IdM) is the task of controlling information about users on computers. Such information includes information that authenticates the identity of a user, and information that describes information and actions they are authorized to access and/or perform. It also includes the management of descriptive information about the user and how and by whom that information can be accessed and modified. Managed entities typically include users, hardware and network resources and even applications.
In the real-world context of engineering online systems, identity intelligence can involve three basic functions:
- The pure identity function: Creation, management and deletion of identities without regard to access or entitlements;
- The user access (log-on) function: For example: a smart card and its associated data used by a customer to log on to a service or services (a traditional view);
- The service function: A system that delivers personalized, role-based, online, on-demand, multimedia (content),presence-based services to users and their devices.
The term “Identity Intelligence” has been diffused throughout the course of 2010, also thanks to its adoption by Gartner, and refers mainly to the following set of capabilities:
- the presence, within an organization, of a full repository of user accounts, able to effectively collect every information characterizing the users and their access rights. The difference is substantial if compared to the “standard” repositories used by the Identity Management solutions, typically simpler and less suited for complex analysis.
- the ability to relate information from different target and authoritative sources, in order to correctly and efficiently populate the repository. In complex environments, data about users and user accounts are collected from dozens or hundreds of different sources, using different standards, different structures and different technologies. In order to allow quick, detailed and complete analysis, it is essential to have a tool that can collect, relate and homogenize all this data.
The ability to build complex analysis, based on the principles of business intelligence, providing valuable information in relation with:
- the state of the users within the organization,
- the quality of the user management processes.
- an overview of user identities and their access within the enterprise.
- an ability to relate identity information with various entities within the organization such as assets, resources etc.
At the same time, monitoring and reporting systems which operate on a complete repository, offer security features and advanced control.