Identity and Access Management: A Must for Global Businesses & How it could be Converged with Modern Security Solutions
A 26 years experienced technology & security professional, he is excellent in creating strategic alliances with leading OEMs. Primarily focused on cybersecurity including Identity & Access Management & Consulting, he has worked with global clients across the globe.
•Why an effective IAM strategy is a must for organizations of all sizes?
Ans: In today’s world, BYOD and mobile workforce is a reality that takes information beyond the boundaries of an enterprise. The proliferation of digital customers and the growing retail & e-commerce business indicates that people need access to information on the fly. Hence, we are quickly realizing that Identity and Access Management (IAM) is an area where we can lose control rapidly. Traditional approaches and strategies from the inhouse data-center world would not suffice anymore. Organizations need to rapidly invest in the technologies and processes to stay ahead in this complex threat landscape and to prevent repercussions of poor IAM governance. Investment in IAM doesn’t just mitigate risk; but can also improve productivity, efficiency and increase employee satisfaction.
Many organizations at different levels of IAM maturity often find themselves taking a piecemeal approach to security, identity, and access that ends up dealing with issues as they arise rather than having a holistic strategy. In some cases, these organizations have addressed a business or technical problem by implementing a tool, only to discover another problem has cropped up elsewhere. Often the problems that need fixing are obvious, but without a strategy and roadmap, these organizations don’t know how to address them.
Every organization should have an IAM strategy, an understanding of the right technologies for their requirements, and a roadmap for implementation. Organizations with strategies, roadmaps, and a phased delivery approach can accelerate their project outcomes, better manage scope, secure long-term executive and stakeholder support, and reduce costs through efficiencies.
But each organization has different needs and priorities, and as they evolve, their needs and priorities also evolve. The case to invest in an IAM strategy is clear and compelling. Organizations can benefit from an assessment of their unique state, where they are today and a detailed roadmap for the way forward. When they know their options for managing risk, complexity, costs and compliance, organizations can align their strategy with broader business goals and develop a realistic plan for implementing it.
"Every organization should have an IAM strategy, an understanding of the right technologies for their requirements, and a roadmap for implementation".
•Where do you see the global IAM market in the coming years? What are the factors contributing to it?
Ans: With the increasing demand for cloud-based solutions, micro-services architecture, compliance management and mobility solutions, the Identity and Access Management (IAM) market is poised at a very interesting stage of growth.
Organizations are now discarding the old model of ‘trust but verify’, which relied on well-defined boundaries. They are adopting the ‘Zero Trust’” model, which is centred on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify everything trying to connect to its systems before granting access. Organisations can ensure that full access to non-sensitive data is given to all while a Zero Trust approach becomes the norm for higher sensitivity data.
Identity validation continues to be an ongoing challenge and with the advent of IoT devices, it has become complex. Every person, phone, computer, and IoT device has an identity that must be authenticated to establish trusted communication.
As organizations, and especially those that are in the developing stage continue to invest in the cloud, the apprehensions related to cloud security cannot be denied. CASB that connects the cloud provider and the cloud service consumers with better security will see an increase in demand and implementation of Single Sign-On (SSO) for all cloud services and hybrid environments to provide a better user experience. SAML, OAuth 2.0, OpenID, and other protocols mean that people will see a drastic reduction in the number of unique accounts and credentials necessary to log in to certain websites.
With the rise of bring your own device (BYOD) culture in the workplace and the access to personal accounts, the lines around corporate and personal identities have started to blur. Context is a large part of redefining identity, with ‘who you are’ being based on several factors rather than just a username and password. AI and Machine learning in IAM is expected to be a growing trend and can get to know a person so well that all the data collected about them, combined with multi-factor authentication, will securely identify most people.
Additionally, let’s not forget that most of the recent data breaches were ultimately the result of the administrator accounts being compromised. There is an enormous need for better forms of authentication and authorization for the administrator accounts as these accounts are often shared and lack adequate activity monitoring. Increased auditor sophistication and organizational emphasis on compliance combined with the realization of privilege elevation attacks have raised concerns about privileged accounts to the highest levels of the organization. Hence, Privileged Access Management (PAM) would play a strong part in the Zero Trust Architecture.
