Identity and Access Management is a game-changer for digital ID security, says Ward Solution’s Cahill
27 July 2015 | 0
Identity and Access Management (IAM) is the process of managing digital identities of individuals within an organisation and their access to systems and services. An individual’s ‘Digital Identity’ is the set of data which uniquely identifies them within an organisation. A secure IAM process gives the right user, the right access, to the right resources, at the right time. It is essential to have this fine grained control of user access in big enterprise, including Pharma, telecoms, banking, utilities and in other organisations such as third level institutions. It turns information security into a competitive advantage.
Third level institutions for example are required to manage thousands of digital identities, including staff, students and visitors. These and other organisations need control over the identity lifecycle and access of users’ digital identities to ensure positive user experience, operational efficiency, reduction of security risk and to meet regulatory or compliance requirements. The process of IAM enables this.
Cloud identity changing
Software as a Service (SaaS) is growing and we see increased numbers of organisations utilising more and more cloud services. Cloud brings with it unique challenges as historically, user digital identities were housed within the four walls of the company and were completely within the company’s control. Now with the proliferation of the cloud, organisations are potentially sacrificing control and security in return for improved end-user functionality and reduced costs. The use of cloud services, such as Office365 or SalesForce, by organisations mean that staff now have identities outside the organisational domains. Digital identities are expanding and without a defined IAM process, it will require more time and effort for IT resources to manage user access, remove access rights when necessary and ensure cyber security of the organisation is not compromised.
Organisations seek IAM for many reasons, including to use it as a critical security control within their IT operations. Other drivers include high risk of security breach; operational and support costs; lack of process for existing digital identities; everything done on an ad hoc basis with lack of auditing; slow access to resources; different logons or passwords to different systems and separate external and internal identities.
“Digital identities are expanding and without a defined IAM process, it will require more time and effort for IT resources to manage user access, remove access rights when necessary and ensure cyber security of the organisation is not compromised”
Best practice IAM
IAM is an ongoing process and we assist our customers in developing an IAM strategy and roadmap, planning their additional of applications in a phased approach and having a centralised policy for all new systems within the organisation. Best practice for the IAM process to better succeed is a single identity for each user. Organisations can provide improved user experience to staff through features such as Single Sign On (SSO) in an environment where authentication is centrally controlled, such as through Microsoft’s Active Directory. At a minimum, organisations can provide improved user experience through same sign on, so a user still only requires one login.
A well-defined IAM roadmap should create a central set of rules for every application that requires integration into the organisation. It should contain information on how user lifecycles are managed, including joiners, movers and leavers and contain a suite of products which sit at the core of your IT infrastructure. These products should be available to any new system that requires integration in order to r streamline the identity and access process within an organisation.
The automated nature of IAM enables cost savings as a result of automated account set up, automated control over user cycles and the reduction of support costs. It frees up budget to spend where needed; reputation, revenue protection and compliance. The IAM process also makes it easier for an organisation to be compliant, both locally and internationally. It can provide information on who has access to what and defines which users have access, which is required by most international regulatory policies.
IAM creates efficiencies within an organisation by simplifying management of users’ digital identities and freeing up resources. It also increases levels of user satisfaction, which can boost reputation.
Allan Cahill is head of Ward Solutions’ Secure Application Development practice