Identity and access management (IAM) refers to the processes, technologies, and policies for managing digital identities and controlling how identities can be used to access resources. Resources may refer to computer systems including the hardware and software components that make up the computer systems or a network of computer systems. For example, resources may include information systems, applications, services, programs, computing devices (e.g. servers, PCs), network devices (e.g. switches and routers, networks, files, file systems, databases and database objects (e.g. tables, views, and stored procedures), and the like.
Organizations may utilize various IAM products and services to implement IAM processes, which include authentication, access, and auditing. Authentication refers to verifying identities based on one or more credentials in order to gain access to a resource; access refers to managing login accounts, providing access rights to resources, and authorizing the use of resources; and auditing refers to validating and testing authentication and access capabilities.
IAM products and services may maintain event logs that include information about events that occurred during the authentication, access, and auditing processes. Event information may include, for example, the date and time of the event, the resource at which the event occurred, and other information that identifies and categorizes the event. In this regard, the event log data generated by IAM technologies and services may be referred to as IAM data.
Organizations are increasingly interested in performing large scale data analysis on the IAM data generated by IAM products and services. Analysis of IAM data can be useful, for example, to demonstrate compliance with regulatory requirements. Analysis of IAM data can also be useful to preemptively identify threats to the resources of the organization, e.g., from malware operating with the computing systems of the organization. More generally, analysis of IAM data may enable an organization to improve the efficiency and effectiveness of its IAM policies and procedures.
IAM products and services, however, may generate and store IAM data in unique or proprietary formats. IAM data stored in unique or proprietary formats may not be compatible with the formats required by various data analysis tools. To utilize the analytical tools to perform data analysis on the IAM data, a point-to-point mapping between the unique IAM data format and the format required by the data analysis tool may be necessary. Accordingly, organizations may not be able to integrate uniquely formatted IAM data for large scale data analysis of the integrated IAM data at a data analysis tool.
Therefore a need exists for a common data model for IAM data in the IAM domain.