The New IAM: 5 Challenges That Add New Risks

Tod Besse
November 12, 2018

Identity access and management (IAM), the IT security discipline dedicated to ensuring that the “right persons have access to the right resources at the right time for the right reasons,” has been around since the early 2000s. At that time, organizations and their IT teams were responding organically to the need for managing identity.

The urgency of the issue was not recognized, however, until events precipitated by Enron and other companies led to Sarbanes-Oxley (SOX) legislation, which called for tighter controls on employee access.

With IAM, organizations can provide users with a single identity (or single sign-on) to use for access to a wide range of applications and devices across the enterprise. Over the years, the road to IAM at many organizations has been a bumpy one. With thousands of users and hundreds of applications to manage, the challenges are greater than ever.

A recent report found, for example, that 44 percent of organizations take weeks to provide access across applications and systems—and 32 percent of IT organizations can take weeks more to remove former users from access to applications and systems.1

 

Many other developments have created additional speed bumps:

  1. More devices. More problems. The interconnected world of devices in which businesses operate complicates identity management. The proliferation of IoT-enabled devices with their disparate authentication methods, for example, is creating havoc for organizations seeking ways to identify and manage them appropriately.
  2. IAM in the cloud. Digital transformation of organizations complicates things even further. Moving to the cloud has added new networks and platforms that users must access, and organizations must manage. According to a recent report by Forrester2, today’s digital businesses need to do more than enforce employee access to corporate applications and data. They need to pay attention to access of employers, partners, and customers in hybrid environments that encompass cloud, on-premise, mobile, and SaaS applications.
  3. Playing by the rules. Complex security policy requirements such as HIPAA have created new operational requirements for data access. In response, organizations need to adopt an access control model that matches the type and sensitivity of data they are managing.
  4. A new balancing act. The General Data Protection Regulation (GDPR) has created a need for greater integration of security and privacy. Even though this regulation only applies to data for EU citizens, it is quickly impacting IAM best practices everywhere, making it more important for businesses to respond to employee demands for the way their data is managed, while ensuring their privacy.
  5. Not enough experts. Clearly, the demand for IAM capabilities will increase, but that growing demand is also creating a shortage of IAM professionals, according to Forrester, which reports that 40 percent of respondents to its 2017 Data Global Business Technographics® Security Survey expect their IAM budgets to grow.

 

Identity solutions

Your IAM solution should include partner software with RF IDeas readers to lock down access controls and establish privilege access so employees only have access to the systems and information they need to effectively do their jobs and only for the necessary duration.

RF IDeas offers a complete family of badge readers to meet your need for error-free identification—and with flexible configurations and multiple form factors to meet your IAM requirements. Our readers can help you take your IAM program to the next level, supporting the enterprise as you adapt your IAM strategies to address mobile credentials for logical access and authentication. For more information, please click here

 

[1] https://betanews.com/2018/10/09/identity-access-management-struggle/

[2] https://gca.net/sites/default/files/Top%20IAM%20Trands.pdf