Good Governance Includes the Outliers
In his book, “Outliers: The Story of Success,” Malcom Gladwell says that outliers are often extraordinary individuals. Think Benjamin Franklin, Mozart, Bill Gates and even sports phenoms like tennis star Novak Djokovic. These success stories are often the result of “accumulated advantages.” For example, great athletes don’t start out as outliers. They were often only slightly better than their peers.
For many greats, a system of “accumulative advantage” gave them training, resources, and coaching that no one else had access too, and through this kind of special treatment they became outliers. As an example, Novak Djokovic grew up in poverty through two wars in Serbia, where his family ran a fast-food joint. Some nights they hid in basements to avoid bombing runs. No special privilege there. But at the age of six Novak was spotted by the Yugoslavian tennis legend Jelena Genčić while at a tennis camp. She said, « This is the greatest talent I have seen since Monica Seles. »
Jelena coached Novak for the next six years until it was clear he had to go abroad to continue to improve. Citing another unique advantage, Jelena used her connections with a famous Serbian tennis star to help send the 12-year-old Novak from Belgrade to Germany’s Pilic Tennis Academy to train hard for the European championships, which he won starting at age 14.
Identity outliers are important to the field of identity governance. These individuals typically operate within the enterprise without problems but often have too many entitlements for their role, including entitlements with elevated privileges beyond their daily needs.
How do these outliers come to be? Similar to Gladwell’s outliers, they are the result of accumulated entitlements over time. Highly capable, trusted employees may continue to gather accounts and entitlements to corporate systems as they progress through their career. Sometimes their access is not reduced as projects terminate or through job changes, resulting in too much access to systems.
Too much access isn’t a matter of trust – it’s a matter of good governance. Employees should have only the access they need to do their jobs.
But unlike the famous outliers in Gladwell’s book, identity outliers can be very difficult to find and to mitigate. To help IGA professionals improve their governance and compliance, SailPoint employs patented graph-analysis algorithms to uncover these anomalous identities.
First, SailPoint Predictive Identity uses AI and machine-learning technology to identify peer groups, or groups of identities who share similar access. The algorithms cluster the identities together by the strength of their entitlement similarity. This creates a highly useful similarity matrix or “identity graph.”
Once we know which groups have similar access, the outliers can be identified using the same network graph technology. Identity outliers can appear as two basic types. Singleton identities are represented by isolated nodes of the identity graph. This is due to their extremely low similarities to every other identity, either globally or within a particular department, location, title, etc. Singletons are difficult to manage from a compliance perspective. Through identification, SailPoint Predictive Identity helps enterprises reduce identity “uniqueness” over time.
Another type of outlier is the so-called structural outlier or “contagious identity.” The “contagious identity” occupies a so-called Bridge Node on the identity graph. This highly entitled employee is connected strongly by the similarity of their entitlements to possibly a great many “downstream” identities. An example would be a technical lead or a technical project manager who has worked on several projects over time.
Anyone drafted to work with this identity on the same projects may unintentionally receive far too many entitlements for their role. It’s a question of productivity over security. Also, a new employee placed in the same role, if given the same breadth of entitlements would clearly be receiving an inappropriate amount of access to applications. Worse, these identities may lack a good role structure as they seem to have accumulated entitlements from at least two different roles.
At SailPoint, outliers are as important as peer groups. The access held by outliers have the highest potential risk and if utilized, the most kinetic risk of any group of identities.
Gladwell writes, “Cultural legacies are powerful forces.” Because outliers appear naturally within enterprises due to the access policies in place at the time, their effect around risk is nearly invisible. Using SailPoint Predictive Identity, IGA professionals can finally see the elevated risk outliers pose within their organization. Only by visualizing access held by outliers as they relate to others in the organization can IGA professionals drive down uniqueness by reducing singletons.
SailPoint Predictive Identity helps customers mitigate the effect of structural outliers, helping ensure employees have only the access they need to do their jobs.
Editor’s note: Rich Keith is a contributing author to this blog.