How It Works
Staff access information is fed into the idax analytics engine from various organisational, entitlements and authorisation systems. idax then uses its proprietary algorithms to group staff based on their access rights.
These groups are based not only on the organisational information provided – for example department, role or location – but also on families with “similar access” determined automatically by the idax engine. Once the groups have been analysed, idax then automatically calculates application/asset weightings and potential toxic combinations based on the distribution of access across the company.
By comparing individuals with their groups, idax derives a risk metric, calculated as the difference between each individual and their fellow group members for each of the groups that have been previously created, e.g. departments, roles and family groups. An outlier is someone who is different enough from the rest of his or her group to warrant attention. The outliers with the greatest risk are flagged for review. Aggregated department metrics (KRIs) are created at the same time.
Next, idax automatically creates a standard access template for each group using the profiles of the group members. This template is designed to reflect “least privilege” for each group.
The template is weighted according to automatically calculated asset information across the whole company and will change dynamically as the organisation evolves. This enables an organisation to implement “dynamic role based access”.
When a new member of staff joins the company they are granted rights according to the template. When a staff member changes department their rights are adjusted according to the template, and when staff have their rights reviewed a manager uses the template to assist in that review.
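A simplified sketch of the peer-group comparison and template derivation described above, added here as an example; it is not idax's proprietary algorithm. The rarity-based score, the 60% template threshold, the outlier cutoff, the function names and the sample data are all assumptions, and asset weightings and toxic combinations are left out.

```python
from collections import Counter

# Constructed sample data: user -> (department, set of entitlements).
ACCESS = {
    "alice": ("finance", {"ledger_read", "ledger_post", "email"}),
    "bob":   ("finance", {"ledger_read", "ledger_post", "email"}),
    "carol": ("finance", {"ledger_read", "email"}),
    "dave":  ("finance", {"ledger_read", "ledger_post", "email",
                          "payments_approve", "prod_db_admin"}),
    "erin":  ("it", {"prod_db_admin", "email"}),
    "frank": ("it", {"prod_db_admin", "email", "vpn"}),
}

def group_prevalence(access, group):
    """Fraction of the group's members that hold each entitlement."""
    members = [ents for g, ents in access.values() if g == group]
    counts = Counter(e for ents in members for e in ents)
    return {e: c / len(members) for e, c in counts.items()}

def template(access, group, threshold=0.6):
    """Group template: entitlements held by at least `threshold` of members.
    Recomputed from current data, so it shifts as the group's access shifts."""
    prev = group_prevalence(access, group)
    return {e for e, p in prev.items() if p >= threshold}

def outlier_score(access, user):
    """Assumed risk metric: sum of rarity (1 - prevalence) over the user's
    entitlements, measured against the user's own group."""
    group, ents = access[user]
    prev = group_prevalence(access, group)
    return sum(1 - prev[e] for e in ents)

def flag_outliers(access, group, cutoff=1.0):
    """Members whose score reaches the cutoff, highest score first."""
    scores = {u: outlier_score(access, u)
              for u, (g, _) in access.items() if g == group}
    return sorted((u for u, s in scores.items() if s >= cutoff),
                  key=lambda u: -scores[u])

def excess_rights(access, user):
    """Entitlements a reviewer would question: held but not in the template."""
    group, ents = access[user]
    return ents - template(access, group)

if __name__ == "__main__":
    for user in flag_outliers(ACCESS, "finance"):
        print(user, outlier_score(ACCESS, user), sorted(excess_rights(ACCESS, user)))
```

In this sample, the finance member holding `prod_db_admin` is flagged because that right is rare among finance peers, even though it is part of the template for the IT group.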
The key ways in which idax analytics differs from other approaches are:
- Analytics can be performed with the minimum of inputs – no lengthy data entry.
- Templates, metrics, and roles are dynamic – they change as your organisation changes.
- Dynamic templates ensure that the principle of least privilege is maintained.