identity management

A Finger in the Air: Measuring the Winds of Change for Identity Management, Security and the Road Ahead

We continue to experience many strides and steps forward in regard to technology advancement, especially as related to identity and access management solutions. Organizations will likely continue to make great strides as they continue to attempt to gain more control over security and access to their data.

According to Gartner, identity and access management “is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise.”

Specifically, enterprises and organizations that develop mature IAM capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives. The proof bears that out, Gartner reports.

We continue to have read the multiple and numerous headlines about high-profile hacks and breaches of customer information – here a beautifully shocking graphic highlighting the world’s biggest breaches the last 13 years. Yet, we seldom hear any detail about internal access breaches (breaches because of internal organizational issues).

For example, where an employee inadvertently has access to sensitive information and uses it for nefarious purposes. According to a somewhat recent report by Infosecurity magazine, among the companies experiencing data breaches, internal actors were responsible for 43 percent of data loss, half of which was intentional, and half accidental. “Breaches perpetrated by disgruntled employees and other forms of inside jobs come in at sixth place for most of the world in terms of security concerns, except in Asia-Pacific, where it’s No. 2,” the magazine reports.

These internal breaches may not seem to organizations to be detrimental in the near term, but could pose significant risk should the employee decide to leave or have an axe to grind with the organization.

Perhaps most importantly, large, multi-national organizations have been able to spend six to seven figure sums, assign internal teams and hire consultants for six to 18 months to ensure that processes like role-based access control (RBAC), attestation and reconciliation were running smoothly and accurately. However, small to mid-size organizations have found the cost and time to outweigh the benefits and have done the best they could to secure the internal network and data access with limited resources. This is changing. The solutions are finally available for all organizations, and when implemented, provide added protection to the security of an organization’s data.”

We’ll continue to see solution providers take forward movement and provide great strides to offer simpler, low-cost solutions in identity governance and administration. These solutions mean organizations that were previously excluded from considering these products will now be able to implement these solutions without the needs of hiring consultants or spending their entire IT budget for the year on them.

As with so many other technologies, what started out as only accessible to a few, will now be driven down market to become a reality for many. The real winner in this scenario are these small to mid-size companies that will now be able to implement best-of-class solutions to secure data, application and network access without the burden of world-class prices.

The coming term ahead and the trends that develop will likely bring tremendous promise. If nothing else, the promises of the time to come appear to be one where more security it procured for organizations in so far as reducing unauthorized access to data and applications and securing the same on a “need to know” basis since they’ll likely continue implementing these solutions.

Scroll to Top