An effective identity and access management platform is likely the single most important responsibility for today’s chief information security officers (CISOs).
Identity and Access Management, or IAM, is the bread and butter of securing a network, ensuring access to data and applications is controlled and uncompromised.
IAM plays a vital role in a company’s overall security framework. Having an effective strategy enables enforcement of the full range of security policies throughout the enterprise.
The elements that should be integrated into an IAM strategy are diverse and constantly evolving. This is especially true in light of the new, game-changing regulations and standards impacting the way companies structure their security protocols. The advent of data protection laws such as GDPR and New York’s DFS Cyber Regulations has made IAM one of the top security investments for companies worldwide.
With this in mind, it’s worth taking a fresh look at some of the questions companies should be asking before they invest in an IAM solution.
On-Premises vs the Cloud
The decision between on-site and cloud IAM systems, or IDSaaS (Identity as a service), is typically a question that divides IT departments. On the one hand, IDSaaS does have its pros. These solutions come with pre-set protocols and are of course supported by the provider. What this means for clients of an IDSaaS system is that they’ll be freed from most of the maintenance that goes into IAM.
On-premises solutions, however, have some key advantages from both a security and logistical standpoint. First off, on-site systems tend to give managers more control over IAM protocols, allow IT departments to customize operations according to need and create less friction from a user experience perspective. Second, on-site IAM is the more secure option, as cloud options open a single point of entry to hackers seeking to breach a system. Additionally, researchers have pointed to the increased risk of cloud services themselves being targeted by cybercriminals, which only compounds the potential vulnerability of IDSaaS users. This becomes especially problematic in industries with high security needs, such as finance and healthcare, that many cloud services are not equipped to meet.
Integrating IAM Solutions with Existing Apps
Cloud-based Software as a Service (SaaS) has added a thick layer of complexity to identity management. Companies today rely on a slew of online apps for their operations. This means any identity management solution they adopt has to support those programs. The ever-increasing number of mobile and personal devices connected to company networks has also added a logistical consideration to IAM. Companies now need to implement IAM with mobile access in mind. A great example of this trend in action is the growing use of ActiveSync for mobile email access – a protocol designed originally for single-factor, password-based authentication.
The lesson for businesses: Take stock of every app that you want employees to have access to, then confirm with potential vendors they support the authentication standards of these programs.
Emerging Trends and Security Needs
IAM has gone through several overhauls over the past several years. New patterns in identity management such as BYOD and Federated Identity have signaled both the changing needs of companies and the development of better and more efficient tools. The industry leader Gartner worth considering when taking on an identity management system.
The Top Up-and-Coming IAM Trends
- Analytics-led authentication that integrates behavioral assessments of users is making increasing headway in the market. Such tools will be present in half of all IAM platforms within the next five years.
- Over the next four years, decentralized identity and access management will be present in over a third of all IAM solutions. Blockchain and other decentralizing tools have been shown to be effective in securing authentication data from fraud and hacking attempts by creating a transparent peer-to-peer network inherently resistant to tampering.
- Privileged accounts, which give specific users a far greater amount of access, have proven to be a real risk to companies by exponentially increasing the insider threat. By 2020, 40 percent of medium-to-large enterprises will have deployed privileged access management to mitigate this vulnerability.
Why Are Software Tokens a Better Option