In this conversation, Seyed explains why he believes that the more people realize the significance of relationships between identities and the connections among them, the more they contemplate migrating from traditional databases to a graph data platform like Neo4j.
Julia Astashkina: How did you get involved in the identity and access management space?
Seyed Hossein Ahmadinejad: Since 2008, when I started my master’s program, until now, I’ve been working on security, privacy and identity and access management. So that’s my passion and work and research interest as well.
Julia: Wonderful. Could you tell us a little bit more about Nulli and the problems you’re solving?
Seyed: At Nulli our area of expertise is identity and access management (IAM). Identity and access management allows you to identify users, devices, smart sensors and, in general, anything. It allows those with the right privileges to access protected resources.
In some sense, identity and access management basically enables secure data sharing. This identity and access management problem has been there forever, but challenges have been evolving over time.
One big challenge is data volume. At Nulli, we have deployed over a billion identities on behalf of our clients, and we have more than 100 clients globally. So that is what we do: we provide identity and access management solutions and we are trying to use innovative ideas and innovative solutions to these problems.
Julia: Why exactly do you need graph technology to solve these problems?
Seyed: As I mentioned, the challenges of identity and access management have been changing over time. For example, a few years ago, the idea of the Internet of Things was proposed and then companies started building IoT platforms. And that was when we started noticing that relationships and connections between identities are of great significance, both for providing services for customers as well as for the purpose of access management.
Just as a quick example, you can imagine something like a building management company that maintains smart devices in buildings. And imagine someone like a city manager, who is managing buildings in different cities. And now let’s say, a city manager is trying to read a thermostat in a certain building.
You want to decide whether that is allowed or whether that request should be rejected from an access management point of view. To determine this, you have to start from the city manager, go to all the cities he’s managing, and then all the buildings and the different floors of the buildings, and then finally, find that particular smart thermostat.
Traditionally, if you want to use a relational database for this purpose to model such data, then you have to do multiple JOIN operations. And we all know that JOINs in relational databases are very expensive and this is not scalable.
So we decided to bring this data into Neo4j, which is a native graph database. Neo4j lets us effectively navigate all these relationships from the city manager to that thermostat to answer that query.
That was when we started using Neo4j. We have used it in multiple projects and it is performing very well. That was the first reason we started using Neo4j in the context of identity and access management.
Julia: Do you use Neo4j and knowledge graphs for data analytics, too?
Seyed: Yes. Data analytics in general has been used in identity and access management, usually used to provide insights for managers. We’ve been able to use it for different purposes.
In one project, we were dealing with a company that was using a role-based access management system.
They had users, they had all these roles and entitlements for those users, and all these protected resources. The roles and entitlements were giving permissions to users to do something with those resources.
The problem they had was that they had too many roles and entitlements and many of them had been assigned randomly based on access requests from those users.
There were two other problems. First, maintaining such a system was very hard, and second, they were not sure whether the roles were assigned properly and actually made any sense.
We needed to run data analytics algorithms against the data in Neo4j, first to find outliers: entitlements that are not similar to any other entitlement. That tells us something about the role of entitlements. This is part of the access certification.
To simplify the problem, we were able to use community detection algorithms from the Graph Data Science Library provided by Neo4j to group those entitlements to larger roles and to more meaningful roles. That simplified the problem significantly.
So yes, we definitely run data analytics algorithms against our data.
Julia: Interesting. How do you see the future of Neo4j in identity and access management?
Seyed: I believe the more people start realizing the significance of relationships between identities and all those connections, the more they start thinking about migrating from traditional databases to graph databases like Neo4j.
I think we are already seeing that. In different industries, people are understanding that they need to look at all these connections between different entities to be able to provide more added value for their customers. And that is also telling us that even from an identity and access management point of view, that is the new trend. For that reason, I believe that we will see more and more companies and clients moving from traditional databases to Neo4j.
Julia: Thank you, Dr. Ahmadinejad, for this insightful conversation. Really happy to have you with us today.