Identity and Access Management (IAM) includes technologies and processes that enable organizations to provide users with appropriate access to systems, apps, and data. In other words, it defines who gets access to what, for what reason, and at what time. The definition of identity and the individual structure of each organization defines the access management and, therefore, the company’s IAM.
In the digital world, people, services, and devices have an identity, and sometimes even more than one. As we already talked about in What makes graph databases great for Identity and Access Management data, relationships between those entities are becoming interconnected and complicated, and it is important to be able to analyze those complexities in real time to reduce system vulnerabilities and continue providing secure systems to users.
The problem with traditional IAM systems stems from the use of rigid hierarchies to represent access because that was how business organizations functioned in the past. The problem with such an approach is companies haven’t adapted to the constant changes of partners and customers.
Graph databases are the most suitable solution for representing Identity and Access Management data. To understand why jump to What makes graph database great for Identity and Access Management data?
Graph solutions, such as Memgraph, provide security analysis out of the box, making any required checks and decision-making easier and more performant. Compared to other solutions, Memgraph is a better choice because it is an in-memory graph database, meaning no time is lost to access data. Furthermore, Memgraph comes equipped with triggers that can be combined with complex graph analytics algorithms, which can then be performed on specific subgraphs and in real time.
How in-memory helps create performant analysis
The most crucial information in Identity and Access Management systems is data access, as the whole system depends on it. Without data access, it is impossible to check who has access rights to resources. It is also impossible to check for vulnerabilities, find security issues or perform any other data analysis. Also, the time it takes for an underlying system to access data determines its performance capabilities. There are considerable differences in the time it takes to retrieve data from CSV files, relational databases, or Memgraph’s in-memory storage engine.
Memgraph’s foundation is an in-memory storage engine. Data is stored in RAM, which enables minimal response time by eliminating accessing the disk, something most databases do. Users shouldn’t be worried about losing data because Memgraph creates snapshots of data and write-ahead logs stored on the system’s disk drive to ensure data persistence.
Another great benefit of Memgraph’s in-memory graph storage is data exploration, especially checking for relationships between users and resources, i.e., scanning, mapping and processing access rights dependencies. With graphs, modeling relationships between users and resources comes naturally, as explained in the What makes graph databases great for Identity and Access Management data. When an IAM system is modeled as a graph, checking whether a user has access rights doesn’t involve any JOIN operations as it usually does in SQL databases. It boils down to a direct memory walk, which is how Memgraph looks up adjacent nodes. To better understand memory walks in graph databases, jump to What benefits do graph databases bring to Identity and Access Management?
But what makes Memgraph special is that no time is wasted transferring data from the hard drive to RAM and the IAM system is always in memory. Any new real-time change that arrives in the system are ready for further dependencies exploration and vulnerability checks immediately.
How triggers help analytics
One of the key aspects of IAM systems is the ability to detect vulnerability the very second it appears in the system before any significant damage to the company. With real-time analysis, it is important to know when the data in the system changed, and what local subgraph are impacted by the changes. That information is crucial for efficient vulnerability analysis, and that is why database triggers are an integral part of it.
In short, a trigger is a procedural code that is automatically executed in response to specific events. Events are related to certain changes in the data, such as created, updated, or deleted data records.
Memgraph doesn’t only support triggers, it also enables calling a specific procedure - or, as we call it, algorithm - which then makes certain actions of higher complexity. After checking patterns, those procedures can immediately revoke users’ rights, set off system alarms, send emails to administrators, and so on. In Memgraph, these procedures can be written in C++, Python, or Rust programming language as query modules that communicate with Memgraph over C-API. Recently we extended our C++ API to allow you to build graph analytics without worrying about memory.
The combination of Memgraph’s triggers and custom-written user procedures enables exploring vulnerabilities in real-time before they affect the system.
How dynamic algorithms from MAGE improve real-time vulnerability analysis
In Identity and Access Management, network analysis provides an important status update by checking if everything is working correctly. Whether your use case consists of dynamic analysis, static analysis, or analysis of only part of the graph, with Memgraph’s Advanced Graph Extensions (MAGE) and newborn projection feature for subgraph analysis, there are no limits to the system’s exploration.
Dynamic analysis is essential when data points are constantly arriving in the database. This is a frequent scenario in Identity and Access Management systems, as reported by the companies using graph databases as their solutions, for example, in the telecommunications industry where data constantly arrives and changes.
Whether it is important to find the most vulnerable files, most important files, or communities with the most influence, all is possible with Dynamic Betweenness Centrality, Dynamic PageRank, and Dynamic community detection algorithms, respectively. In Memgraph, these graph analytics algorithms are implemented in C++, providing lightning speed.
It is also possible to restrict MAGE’s algorithms to specific subgraphs with graph projection features. This is particularly useful when operations must be performed only on the part of the graph. For example, when analyzing patterns and relationships between customers, partners, and files. For more lightweight operations, Memgraph supports various functions which can be combined with triggers and MAGE algorithms.
How query modules bring even more flexibility
We recognize that flexibility is important and there is no perfect solution that will cover every use case. Suppose your use case is not covered with any of the presented features and abilities. In that case, you can develop custom-written algorithms which will return the value you require to make your business as successful and stress-free as possible. If you are versed in Python, C++ or Rust, jump to our documentation page and follow the directions on analyzing the IAM system with your algorithms.
Memgraph for real-time streaming data
In Identity and Access Management, especially in telecommunications industries, data arrives and changes with every heartbeat, and with Memgraph, you can analyze it in real time. Every time data is added to Memgraph, it is instantly processed, and Memgraph immediately updates the outcome of associated registered queries. Hence, you can analyze system vulnerabilities and perform additional real-time checks, unlike a traditional relational database.
It is possible to connect Memgraph to Kafka or Redpanda streams and check for security issues before data is poured into another stream. For example, upon a request for access to a certain file, the system checks if the request is valid, or the system can revoke access rights without sacrificing the security of other users in the network. To learn more about how to connect to different streams, jump to the streams documentation page.
In other words, Memgraph is built for real-time data specifically designed to store, accumulate, process and enhance a data stream.
Graph databases generally provide data model adaptability, reduce system vulnerability and enable flexibility to the IAM systems. In this blog post, we have explored which advantages Memgraph specifically offers to this domain. Having a performant solution means there is no need to worry about how long it will take to analyze, access data, and update access rights for users in the network.
With streaming, graph query modules, and triggers, Memgraph can power even the most complex Identity and Access Management systems, making them more performant than ever. Explore how to move your data to Memgraph today.