Marco Casassa Mont - Web Page - HP Labs

The Identity Analytics project is part of the Security Analytics project, at HP Labs, System Security Lab.

In our view, “Identity Analytics” consists of a set of approaches, techniques and methodologies to explain and predict the impact of identity, identity management and people’s behaviours on aspects of relevance to decision makers (e.g. CIOs/CISOs), such as on security exposure/risks, (financial) costs, compliance, trust, reputation, effect on productivity and business (e.g. on business alignment and agility) etc., in well defined context and scenarios - based on initial assumptions and investment decisions.

In this context, “Identity Analytics” aims at providing decision makers with decision support tools and services (based on modelling, simulation and analysis techniques) describing the “levers” (e.g. acting on identity management technologies, automation & centralisation, education, other security investments, policies, etc.) they can act on and the consequences of their decisions (what-if analysis) along with exploring potential trade-offs (e.g. investing on identity automation vs. security patching and intrusion detection). The following picture shows the main aspects and factors involved in Identity Analytics:

The focus is at the business level, targeting key decision makers, such as CIOs/CISOs. Identity management is likely to be an area where even the experts have little intuition as to how to invest for the best (security) outcomes. The complexity and tight relationship with business and compliance mean it will remain high priority for CIOs and CISOs. As such it is likely to be a high profile and rich problem area for Identity Analytics.

There are many research opportunities and challenges in this space: we believe that a scientific approach is required, involving the usage of modelling and simulation techniques, coupled with the understanding of involved technologies and processes, human behaviours and economic aspects.

For more  information and an overview of this project, have a look at the following HP Labs Technical Reports:

• HPL-2009-57 Marco Casassa Mont, Adrian Baldwin, Simon Shiu - Identity Analytics - User provisioning Case Study: Using Modelling and Simulation for Policy Decision Support - HPL-2009-57, 2009

• HPL-2009-56 Adrian Baldwin, Marco Casassa Mont, Simon Shiu - Using Modelling and Simulation for Policy Decision Support in Identity Management - HPL-2009-56, 2009

• HPL-2008-188 Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu, Yolanta Beres - Identity Analytics: Using Modeling and Simulation to Improve Data Security Decision Making- HPL-2008-188, 2008

• HPL-2008-186 Marco Casassa Mont, Adrian Baldwin, Jonathan Griffin, Simon Shiu - Towards Identity Analytics in Enterprises - HPL-2008-186, 2008

• HPL-2008-84 Marco Casassa Mont, Adrian Baldwin, Simon Shiu - On Identity Analytics: Setting the Context, 2008