For the last six months, we have been discussing our vision of "content-aware IAM" as the next evolutionary stage in identity and access management. This vision has been driven in large part by our realization that focusing purely on identities and access is no longer sufficient for 21st-century IAM. Simply put, identities interact with data and information, and it is this convergence (controlling identities and access as well as controlling the use of information) that is the core foundation of content-aware IAM.
We are not just using the content-aware theme to create nice PowerPoint slides and brochures (although we do have some very good white papers on content-aware IAM that I urge you to read); we are gathering specific use cases that demonstrate content-aware IAM and ensuring that our current security solution portfolio can support them.
Today's use case focuses on a security risk that most organizations must continuously mitigate -- the disgruntled insider, or the employee who is leaving the organization. In the pre-content-aware IAM days, the employee would give the traditional two weeks' notice, and the provisioning system would be told to de-provision that employee in two weeks' time.
The flaw in this model is that during those two weeks the employee retains every access privilege they had before, and can therefore download confidential data (or simply email it to a personal Hotmail account).
In our content-aware IAM model, we can mitigate this issue much more comprehensively.
CA DLP can be configured with a new policy group that triggers additional monitoring of information usage whenever a user's attribute equals "leaving in two weeks":
- A CA Identity Manager administrator adds the attribute ("leaving in two weeks") to the employee.
- CA Identity Manager notifies CA DLP, which moves the employee into the new policy group and thereby turns on the additional monitoring.
Under this scenario, the user is subject to a finer level of monitoring for the remaining two weeks, so that suspicious activity can be identified and stopped before the data leaves the organization. This use case could be extended further by using CA Enterprise Log Manager to collect the resulting event activity and alert on anything suspicious.
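To make the flow above concrete, here is an added, vendor-neutral simulation of the two-step procedure (it is example code written for this post, not CA Identity Manager or CA DLP code, and every class, attribute and threshold name in it is hypothetical): a provisioning-side attribute change pushes the user into a stricter DLP policy group, and the same content events (bulk document downloads, an attachment mailed to personal webmail) are then judged differently for a flagged user than for an unflagged one. The event stream is constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hypothetical policy groups and thresholds (constructed for this example).
POLICY_BASELINE = "baseline"
POLICY_DEPARTING = "departing-employee"
POLICY = {
    POLICY_BASELINE: {"max_docs_per_hour": 200, "block_webmail": False},
    POLICY_DEPARTING: {"max_docs_per_hour": 20, "block_webmail": True},
}
WEBMAIL_DOMAINS = {"hotmail.com", "gmail.com", "yahoo.com"}  # constructed list


class DLP:
    """Stand-in for the DLP side: tracks each user's policy group and
    evaluates content events (downloads, outbound mail) against it."""

    def __init__(self):
        self.groups = {}                      # user -> policy group
        self.downloads = defaultdict(list)    # user -> recent download timestamps

    def set_policy_group(self, user, group):
        self.groups[user] = group

    def evaluate(self, event):
        """Return (action, reason) for one event: 'allow', 'alert' or 'block'."""
        user, ts = event["user"], event["ts"]
        policy = POLICY[self.groups.get(user, POLICY_BASELINE)]

        if event["type"] == "download":
            window = self.downloads[user]
            window.append(ts)
            # Sliding one-hour window of this user's downloads.
            window[:] = [t for t in window if ts - t < timedelta(hours=1)]
            if len(window) > policy["max_docs_per_hour"]:
                return "alert", (f"{user}: {len(window)} documents in 1h "
                                 f"exceeds {policy['max_docs_per_hour']}")
            return "allow", ""

        if event["type"] == "email":
            domain = event["to"].rsplit("@", 1)[-1].lower()
            if domain in WEBMAIL_DOMAINS and event.get("attachments"):
                action = "block" if policy["block_webmail"] else "alert"
                return action, (f"{user}: attachments {event['attachments']} "
                                f"sent to personal webmail at {domain}")
            return "allow", ""

        return "allow", ""


class IdentityManager:
    """Stand-in for the provisioning side. Setting a departure attribute on a
    user pushes that user into the stricter DLP policy group immediately,
    rather than waiting for the de-provisioning date."""

    def __init__(self, dlp):
        self.dlp = dlp
        self.attributes = defaultdict(dict)

    def set_attribute(self, user, name, value):
        self.attributes[user][name] = value
        if name == "leaving_on":              # hypothetical attribute name
            self.dlp.set_policy_group(user, POLICY_DEPARTING)


def run_scenario():
    """Two users perform identical activity; only one has been flagged as
    leaving. Returns {user: Counter(action -> count)}."""
    dlp = DLP()
    idm = IdentityManager(dlp)
    # HR records jdoe's two-week notice; asmith is never flagged.
    idm.set_attribute("jdoe", "leaving_on", datetime(2024, 1, 15))

    base = datetime(2024, 1, 2, 9, 0)
    events = []
    for user in ("jdoe", "asmith"):
        # 25 document downloads in 25 minutes, then an attachment to webmail.
        for i in range(25):
            events.append({"type": "download", "user": user,
                           "doc": f"trade-secret-{i:03d}.pdf",
                           "ts": base + timedelta(minutes=i)})
        events.append({"type": "email", "user": user, "to": f"{user}@hotmail.com",
                       "attachments": ["roadmap.pdf"],
                       "ts": base + timedelta(minutes=30)})

    results = defaultdict(Counter)
    for ev in events:
        action, reason = dlp.evaluate(ev)
        results[ev["user"]][action] += 1
        if action != "allow":
            print(f"{ev['ts']:%H:%M} {action.upper():5} {reason}")
    return dict(results)


if __name__ == "__main__":
    run_scenario()
```

Running it, the flagged user's 21st download within the hour raises an alert and the webmail attachment is blocked, while the identical activity by the unflagged user passes the baseline thresholds and only the webmail attachment produces an alert. The design point is that the departure attribute tightens thresholds for one user rather than introducing a separate detection path; the same event evaluation code serves both groups.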
This content-aware use case also has regulatory implications in the United States, where two federal laws govern theft of intellectual property: 18 U.S.C. § 1831 and 18 U.S.C. § 1832. The former deals with theft of trade secrets that benefits or involves a foreign government (for example, a foreign intelligence agency), while § 1832 covers theft of trade secrets by an individual (such as a disgruntled insider).
There is also a real-world example that demonstrates this use case perfectly: the case of DuPont chemist Gary Min (also known as Yonggang Min), who was prosecuted for theft of trade secrets in 2006. I encourage you to read about his case here. Min accepted a job with a competitor, did not tender his resignation for another six weeks, and used those six weeks to download more than 16,000 documents pertaining to trade secrets. Note what that timeline means for the policy described above: a "leaving" attribute can only be set once the employee gives notice, so it would not have covered Min's six weeks of downloading. Baseline DLP monitoring and log-based alerting on bulk document access therefore need to stay in place for every user, with the departure attribute tightening the thresholds rather than serving as the sole trigger.
Please monitor this blog in the coming weeks, as I will detail additional use cases that support our content-aware IAM vision and show that there is significant substance behind it.