Cybersecurity is a key concern for businesses today, especially as employees are increasingly using connected devices. According to Gartner estimates, 8.4 billion connected things will be in use worldwide in 2017. As the technology landscape evolves, business leaders need to steer through the intersection of digital business and increasing IT risk.
In such a scenario, Identity and Access Management (IAM) is more important than ever to ensure that the right users are given access to key organizational data and resources, while ensuring efficiency and compliance.
In an email interview with Networks Asia, Lennie Tan, Regional Director, One Identity, Asia Pacific & Japan, talks about how IAM can help move enterprises forward and make them more competitive in the marketplace, while simultaneously increasing security. Tan also talks about how MDM and BYOD are changing the face of IAM.
Excerpts of the interview follow:
Q1. IAM is not new. We’ve heard vendors like VMware talking of its importance for a number of years. Most enterprises already have some form of IAM in place; whether for setting up equipment for new hires, or for some form of MDM. How has IAM evolved over the years and what does it mean now for enterprises and enterprise security? Is it essential to have an evolved plan and solution now?
Technology has been evolving at an exponential pace, changing the way enterprises function. While Identity and Access Management (IAM) has been around for a while – and its core tenets of authentication, authorization, and administration have been around forever – it has continued to evolve too as enterprises undergo digital transformation.
In the past, IAM was executed by the IT department with the bulk of the time spent on providing access to new users and password management for the traditional legacy, on-premise applications. As security threats grow and companies embrace cloud and mobility solutions, IAM has necessarily expanded as well to embrace those new technologies while becoming a key tool for risk management, ensuring greater protection and compliance.
However, even as companies invest in robust security solutions, it is essential to ensure that these are not a barrier to business transformation. IAM solutions need to be centralized, automated and integrated to enhance efficiency and productivity and serve as an enabler of digital transformation. As the technology landscape continues to change, organizations will need to review their approach to IAM to remain competitive and secure in an increasingly connected and mobile world.
Q2. How can IAM help me move an enterprise forward and make it more competitive in the marketplace, while simultaneously increasing security?
Enterprises in Asia Pacific are embracing Digital Transformation. According to IDC, 60 percent of the APAC top 1000 enterprises will have digital transformation at the center of their corporate strategy by 2017. However, along with its huge upside and inherent value, digital transformation brings a unique set of risks and security challenges. In fact, the results of a recent global survey have revealed that security is often seen as a barrier to digital transformation.
While traditional IAM frameworks can be expensive to build and time-consuming to implement and maintain, a holistic and well-implemented IAM program can be a catalyst for digital transformation. One Identity IAM solutions are standards-based, business-centric, modular and integrated, and support a governance-first approach to IAM, allowing security to become a true enabler of business innovation.
As a result, organizations are not only secure but also more agile.
Q3. How are MDM and BYOD changing the face of IAM? How much can IAM help IT come to grips with shadow IT?
The regional workforce is increasingly mobile, driven by growing implementation of initiatives such as flexible working and BYOD to promote productivity. According to IDC, enterprise mobility in Asia Pacific continues to be one of the fastest growing 3rd Platform technologies as mobility initiatives shift from an under-resourced side project to become central in driving both business and operational strategy in the enterprise.
However, mobile devices create an added layer of complexity and risk for IAM. This is especially true for BYOD as regulation of personal mobile devices involves greater effort. IAM solutions must address how access can be secured when connecting to corporate resources from a personal device. This has resulted in greater demand for multifactor authentication and single sign-on (SSO) capabilities to enable the secure use of mobile devices for corporate resources.
Shadow IT is another area of concern for organizations as identities used to access the online solutions or applications may not be authorized, putting the company at risk. Gartner predicts that through 2017, 38% of technology purchases will be managed, defined and controlled by business leaders. In such a scenario, there is a need for strong IAM solutions that can empower line-of-business leaders with greater levels of agility and control while maintaining the level of visibility and security that best-practices demand. One Identity solutions, Cloud Access Manager and Identity Manager, can help enterprises bring shadow IT into the light by providing a centralized control point and the scope to embrace new applications, processes, access scenarios and transformative initiatives without sacrificing security or control.
Q4. Given the Cloud, does the way we look at and approach IAM need to change? Where and how does the Cloud fit into an IAM strategy? When enterprises use a Cloud vendor like AWS, what do they need to look at with the vendor and their own security when it comes to IAM?
As enterprises move to the cloud, they are faced with an evolved set of IAM considerations. Employees can access corporate accounts in the cloud from any device or location. As such, they are no longer functioning within the physical office network and are not governed by on-premise security solutions. In such a scenario, where the traditional perimeter does not exist, identity becomes the new perimeter. With cloud adoption growing, effective IAM is more important than ever as the first line of defense for a company. It is also essential that IAM solutions are able to support on-premise, cloud and hybrid cloud environments to cater to the requirements of companies in different stages of adoption.
The most effective IAM solutions for the modern cloud/hybrid-cloud environment should include all of the security, visibility, and control that has long been the staple of on-premise environments, but coupled with the agility, flexibility, and convenience of a modern cloud solution. Generally, organizations will look for a dedicated cloud-IAM solution; however, this is the wrong approach. In order to get IAM right for the entire enterprise (on-premise and cloud alike), a single solution (such as those offered by One Identity) should apply efficiencies, security, and risk-reducing control to on-premise resources as well as those in the cloud.
Q5. How does IAM deal with an increasingly distributed workforce and applications? How can it also deal with compliance and privacy issues?
Supporting an increasingly distributed workforce and multiple applications is a daunting task for organizations. A remote workforce provides less visibility and control over employees’ actions. Multiple applications also increase the effort required by IT to manage and support the user identities for the applications. One Identity IAM solutions eliminate complexities and time-consuming processes by providing a holistic solution, with centralized control and the capability to address IAM challenges across on-premise, cloud, and hybrid environments. With strong identity governance and access control, irrespective of location or device, enterprises are able to meet regulatory and compliance needs while enhancing security. With greater control and visibility, it is much easier for organizations to satisfy both their employees’ demands for convenience and regulatory requirements for security and privacy.
Q6. How does IAM fit into all of this? How can we ensure that data is accessible to those with the right credentials and access rights? How should enterprises deal with orphan accounts? Who should be managing IAM solutions? Who should be in charge of monitoring or reviewing of IAM set-ups? What about approvals or determining the different levels of access or user privileges? What about oversight of problems with combinations of access? What about the user privileges of super-users? How can or should their access be monitored and curtailed?
All the above questions are IAM related. They are essentially key questions or problems that Identity Governance solutions are meant to solve. The specific answers to each of the questions will be dependent on the security policies of enterprises. But more importantly, large enterprises will need an Identity Governance platform, such as One Identity’s Identity Manager to facilitate the following:
- Access Governance
- Data Governance
- Privileged account governance
- Business-enabled access request and fulfilment
- Attestation or recertification
- Role engineering
- Automated enterprise provisioning
- Identity unification and process orchestration
In addition, they will need access controls to ensure that the right people can get to the right resources in all the ways they want, without diminishing security. One Identity solutions offer the following for access control:
- Single sign-on
- Federation
- Secure remote access
- Password management
- Multifactor authentication
- Directory management and security
Q7. What solutions are there to help enterprises come to grips with IAM? How many open source based solutions are there and how much will they be able to help? When should paid options be considered? How do free solutions compare to paid ones? Are there single solutions that will solve everything? How should they fit in with existing security solutions and legacy infrastructure?
Solutions by One Identity cover everything from identity governance, access management and privileged account management to IAM-as-a-Service.
Open source IAM solutions are available in the market. While these may seem attractive because of the apparent lack of capital expenditure for deployment, the truth is, one still has to consider costs such as hardware, integration, training and consulting. Another issue is support for open source solutions which is often an added cost and can be unreliable. In comparison, ‘paid options’ offer greater reliability and support, even if they may require greater upfront investment. The solutions also cater to wider customer preferences, offering support for on-premise, cloud and hybrid environments while a large number of vendors for open source solutions exclusively support on-premise. In our experience, some IAM challenges can be addressed with open source options, but comprehensive IAM is impossible without a focused and dedicated partner (like One Identity) that can help an organization navigate the intricacies of each individual environment, corporate climate, objectives, and regulatory pressures.
Q8. We've heard a lot of enterprises talk about going digital. What does this mean for IAM with regards to data security, integrity and fidelity? How do enterprises deal with IAM when working with partners, suppliers and customers as they go digital?
Digital transformation is a fast-growing reality in business. In a recent global survey, 97% of respondents stated that they are investing in digital technologies to transform their business. However, this transformation carries a unique set of risks and security challenges. Enterprises must take into consideration corporate access from personal devices, managing cloud and hybrid cloud environments, shadow IT and securing IoT devices – all of which provide a gateway into valuable company data and resources. As a result, it is imperative that IAM solutions are robust, flexible, and integrated so that they can support and protect the entire range of platforms and technologies.
With the growth of BYOD and the growing network of partners, suppliers and customers, enterprises are adopting solutions such as single sign-on and two factor authentication to provide access to these users. But it all comes down to user access, and only a universal provisioning/governance solution can truly address those needs across the evolving environment.
One Identity’s strategy for deployment of our solutions is via partners. We strongly believe that, on top of the technical installation and configuration of our platform, our partners are in more intimate relationships with customers, allowing them to recommend the best way for our products to be integrated into their complex environments. We also believe that IAM deployments are multi-phase projects that touch every part of an enterprise. Customers’ involvement and active participation, especially executive sponsorships, are critical success factors for any IAM deployment.
Q9. What are some of the successful case studies?
We work with a variety of customers across industries to provide the relevant identity and access management solutions. For instance, AGL Energy, one of Australia’s leading integrated energy companies, leveraged One Identity Manager to address the limitations in their existing IAM framework.
Before the implementation, it could take up to three days for a new starter to gain access to the applications they needed as the IT helpdesk would manually provide access. Other change events, such as extensions to access rights or deactivation of user accounts, were just as time-consuming.
On any given month, the help desk recorded up to 1,350 change requests where tickets had to be raised. Besides being resource intensive, the legacy IAM system also raised questions over security. It was difficult to pinpoint which employee had access to which application at any one time, and to check and certify who had access to what took up to three months of manual work.
To address these challenges, AGL needed to streamline and automate its IAM processes and empower end users and the line-of-business in order to ease the burden on IT.
By automating IAM through One Identity Manager, AGL was able to dramatically reduce the time for on-boarding new staff. In fact, all change requests became faster and more efficient. The solution also provided greater visibility and control over who has access to what applications – reducing the chance of people having permissions beyond their job roles.
Overall, AGL was not only able to mitigate risk but also empower personnel and improve productivity and efficiency, while enhancing audit and compliance capabilities.
AGL is just one example. There are thousands of organizations worldwide that rely on One Identity to address their access management, identity governance, and privileged management needs.