Secure the Enterprise, Create a Customer Directory, Authorise and Multi-factor Authenticate with IBM Security

Responsiv provide services and expert insights for the IBM Security software suite, including its adoption and use, configuration, and installation.

With organisations becoming ever more integrated and focusing on mobile and remote access solutions, many of the traditional approaches to security are changing.

“Bring Your Own Device” (BYOD) and other initiatives are driving the need for flexible security arrangements, as well as the continuous generation of new cybersecurity threats.

The IBM Security portfolio stops threats and proves compliance allowing your business to flourish, by preparing your business for addressing risk, speeding up the process for uncovering threats, staying up to date with industry standards and providing added value to your customers.

IBM Security Identity Manager and IBM Security Access Manager

IBM Security Identity Manager (ISIM) and IBM Security Access Manager (ISAM) have been renamed. They are now known as IBM Security Identity Governance & Intelligence or IGI, (previously ISIM) and IBM Security Verify Access (previously ISAM).

Verify Access (Formally ISAM)

Verify Access provides foundational services to authenticate users using multi-factors, including biometrics (facial recognition, fingerprints, voice), devices and “something you have”, and pass phrases and passwords. It integrates with certificate authorities and with IBM Security Identity Governance to provide a fully functional authorisation and authentication solution.

Most organisations have sets of users (employees, contractors, partners and consumers) who need to access critical IT resources through multiple devices, including smartphones, tablets, and notebooks.

Use of public and private clouds means that these resources often reside outside traditional network boundaries.

Technology teams use a collection of tools to help manage all the possible access points in the modern, heterogeneous environment. Security leaders are increasingly concerned about the threat of cyber criminals turning this access management chaos into their own malicious gain.

IBM Security™ protects more than two billion digital identities and provides the industry’s most complete suite of user authentication capabilities designed to provide a seamless user experience, protect the broadest range of target systems, and empower application developers with the resources they need to innovate.

For organisations that struggle to optimise identity risk and ease of use, IBM Security Verify with adaptive access reduces authentication complexities by providing frustration-free intelligent access to applications and data. The solution is easily integrated into applications with low to no coding required, through an API for custom applications and pre-built templates for commonly used cloud apps.

IBM Security Verify: Secure employee productivity with cloud-delivered single sign-on (SSO), multi-factor authentication, context-based authentication, and lifecycle management. Thousands of pre-built connectors help you quickly provide access to popular SaaS apps. Pre-built templates help integrate in-house apps.

IBM Security Verify Access: Take back control with a single integrated platform that manages access across many common scenarios. IBM Security Verify Access helps secure access points into the corporate network and enforce risk-based access policies that define who and what can access protected resources. With IBM Security Verify Access, transactions requested by employees, consumers, partners and others are secure, fast and convenient.
Responsiv use IBM Security Verify to support banking-grade multi-factor authentication, password management, and OAuth2 support to our architectures.

Product names relevant to this briefing include IBM Security Access Manager, ISAM, IBM Security Identity Manager (ISIM), IBM Security Identity Governance, Intelligence or IGI, IBM Security Verify Access

IBM knowledge centre.

Business Drivers

Cyber threats continue to be top of mind for organisations around the world. According to the 2020 X-Force® Threat Intelligence Index report, 8.5 billion records were breached in 2019 – more than three times greater than in 2018 – and inadvertent insiders are largely responsible for the significant rise. Other threats including malware, ransomware, phishing and spam also continued to grow last year.

Unfortunately, identity is often to blames, as 80% of hacking-related breaches involve compromised or weak credentials. Meanwhile, our customers are still dealing with skills shortages and ever expanding attack surfaces, particularly with a large percentage of employees working remotely due to the COVID-19 pandemic.

Only IBM provides a single platform that allows our customers to gain comprehensive insights, quickly detect and prioritise potential threats, and gain feedback to continuously improve detection.

IBM is recognised by analysts as a leader in access management and risk-based authentication:

Forrester Wave: Risk-Based Authentication, Q2 2020 – IBM named a leader with the highest overall score in this space, largely due to the integration of our fraud protection and access management technology.
Gartner MQ for Access Management 2019 – IBM named a leader for the third consecutive year.

Key Capabilities

Eliminate credential hassles and improve security with federated single sign-on and access control across legacy on-premises and public/private cloud applications.
Enable modern MFA methods across an organisation’s resources, including passwordless options, like QR codes, user biometrics, and FIDO2 keys.
Provide risk-based authentication and adaptive access control to simultaneously allow frictionless access for low-risk users and protect against higher risk scenarios, based on deep, AI-powered context across user, device and environment.
Integrate with the mobile enterprise and verifies users and devices with compliance-based conditional access, for all apps and unified endpoint management (UEM)-enrolled devices.
Provide advanced threat protection when integrated with X-Force to safeguard web and mobile applications from common attack vectors, including comprehensive coverage for Open Web Application Security Project (OWASP) top 10 web application risks.
Extend zero trust workflows with QRadar® and Resilient® integration. Stream Verify event data to QRadar to identify and analyse threat anomalies, and send those anomalies/events to Resilient to take action, such as automatically resetting a password or removing an entitlement.
Support a stellar developer experience with consumable APIs, guided development experiences, and robust documentation. Offer extensions to more advanced capability from open-source solutions like Keycloak and Red Hat® SSO.
Provide consumption choices that include on-premise deployment or delivered from cloud IDaaS capabilities to align with their IT strategy and lower total cost of ownership.

Why would you be interested?

Enhanced user productivity while securing user access to web and mobile applications through Single Sign-On (SSO), session management, strong authentication, and adaptive access control.
Better protection from advanced threats including OWASP top 10 web application risks through X-Force Advanced Threat Protection.
Federated SSO, which helps enhance user productivity and facilitates trust through the delivery of SSO across separately managed infrastructure domains, including easily configurable connections to popular Software-as-a-Service (SaaS) applications such as SalesForce, Box, and more.
Supports tens of millions of users for customers who need to scale/expand
Integration with IBM MaaS360® EMM and Trusteer® Web Fraud for protecting access on mobile endpoints.
Provides security intelligence and compliance evidence through limited-use license of QRadar Log Manager bundled with IBM Security Verify Access and integrates with QRadar SIEM.