The great IAM - time to modernise?
The discipline of information security is about letting the good guys in as well as keeping the bad guys out. But it is inevitably less “sexy” than its cyber-security twin.
Nevertheless, Identity and Access Management is of a high strategic order importance, especially for large, complex corporate organisations with many types of employee requiring specific levels of access to particular kinds of information. And this has been accentuated in recent years by the need to be in compliance with the EU’s General Data Protection Regulation.
In this e-guide we offer a refresher in IAM and highlight some of the trends that have an impact on it.
Consumer identity and access management is a more recent sub-category with in IAM, with the first systems for this appearing in 2014. It still an “early-days” market, according to specialist analyst firm KuppingerCole. The business cases for this technology include targeted marketing to increase revenue, authentication of customers to enable single sign-on, providing a better user experience, and regulatory compliance.
As with other areas of enterprise software, IAM is being reshaped, at least to some degree, by the rise of artificial intelligence in tandem with the maturation of big data analytics. And so, user behaviour analytics is becoming a link between identity management and “keep the bad guys out” security. Instead of focusing only on what is happening in a network, UBA is – again according to KuppingerCole, about users and what they are doing, and analysing that to identify anomalies that can be investigated as potential indicators of risk or threat.
Cloud computing is another big vector of transformation in corporate IT and it, too, is having an effect on IAM. As this “tip” article discusses, the more cloud services we use, the more identities security professionals have to provision within these environments. Many SaaS [software as a service] scenarios often betoken a lack of control over account lifecycles.
The British Red Cross and online auction platform Catawiki are among organisations wrestling with the complexities of modern identity and access management, with SaaS applications in play at both. The former has to manage access for 2,500 permanent internal users and a further 20,000 volunteers. The latter is an auction platform for rare and hard-to-find objects and experienced rapid early-stage growth that necessitated on-boarding new employees to a variety of business applications more quickly than anticipated. Both have turned to single sign on technology.
As employee workstyles change beyond the “9 to 5 on a single site” paradigm of old, enterprises are having to cope with evermore complex access patterns. For many organisations it might be time to revisit their identity and access management strategies and modernise them.