How Identity Access Management is key in the Cybersecurity landscape

By: Matthew Hammerstone

14, May, 2019

Categories:

Cloud Computing - cyber security - Data -

  •  
  •  
  •  
  •  
  •  
  •  
  •  

 

As per Accenture’s Ninth Annual Cost of Cybercrime Study, there has been a 67% increase in security breaches over the last five years, with 11% growth in security breaches over the past year [1].

 

As the world goes digital and we move more and more of our business critical processes and information to digital platforms and cloud systems, requirement of cutting-edge and effective security tools has become indisputable. Identity and access management has gained prominence and is a critical component of any modernization and digital transformation program.

 

Identity and access management (IAM) solutions help in establishing digital identity of individual network users, validate their identity, authorize access to right enterprise assets (within the permissible limits) or deny the access privileges, within the correct context, and de-provision the identities.

 

Some of the IAM solutions are identity repositories, provisioning software, password-management systems, and security-policy enforcement, reporting and monitoring applications. These solutions help the administrators in defining the user’s role and managing their access privileges in order to prevent unauthorized access to critically important information assets and solutions and evade data breach risks.

Why have IAM become more important than ever for enterprises?

 

IAM solutions should be an integral part of any enterprise security plan as their central management capabilities can help in improving security while decreasing the cost and complexity of protecting user access and credentials.

 

Need for IAM solutions has grown as, apart from being digitally-enabled, the companies are also supporting different work models to accommodate employees, working on-site and off-site, across different regions and time-zones and managing work across hybrid compute environment encompassing disparate devices and software solutions and applications. Opening a company’s internal systems to off-site users, contractors or partners increases cybersecurity risks.

 

IAM solutions help in ensuring that the right users have access to right data or authorization to perform certain tasks, as part of their roles and responsibilities and don’t get access to any other process or information asset, outside of their permission, rendering the asset exposed to cybersecurity threats like phishing, criminal hacking, ransomware or other malware attacks.

Is IAM any good for IT staff?

 

IAM can not only offer extended secure access to a wide range of information systems within the enterprise, but also help in lowering down the support calls made to IT support teams for resetting passwords. Handling of such time-consuming and costly tasks can be automated with the help of IAMs, while the administrators and IT team can engage in more strategically important and meaningful endeavors.

Regulatory compliance and IAM

 

Importance of IAM solutions is further underscored by the newly passed regulations concerning identity management, including the General Data Protection Regulation (GDPR) and the new cybersecurity regulations of New York’s Department of Financial Services (NYDFS) passed in May 2017 that outline the requirements for the security operations of financial services firms operating in the state of New York. One of the requirements of the NYDFS regulations is to track the activities of authorized users and maintain audit logs -tasks that are generally performed by identity management solutions.

 

 

Can IAM compromise a company’s data security?

 

With IAM solutions holding the access to a company’s most critical systems and valuable assets, failure of IAM solutions can lead to a catastrophic event, causing significant damage to the company’s operations as well as reputation.

 

In Dimensional Research’s Assessment of Identity and Access Management in 2018 report, which surveyed over 1,000 IT security professionals, 59% of the respondents stated data protection as their biggest concern with their organization using IAM solutions. Unauthorized and illicit sharing of username/password lists on the dark web and sensitive data leak by disgruntled employees were some of the concerns marked in the report.

 

To tackle such challenges, companies can opt for Single Sign On (SSO), Multi-Factor Authentication or Privileged Access Management (PAM) solutions based on a user’s role, work profile and nature of the work.

 

A deeper and more holistic identity control and management can be supported with end-to-end deployment of IAM solutions coupled with the implementation of Privileged Identity Management (PIM) or Privileged Access Management (PAM) solutions. While IAM solutions can help in broader identity management, layering of PIM/PAMs can help in exercising identity and access controls at deeper, granular levels to prevent privilege misuse or abuse.

 

As we can conclude, companies should adopt IAM solutions that best suit their use cases and support better identity management for improved user access control that can effectively lower down the risk of external and internal data breaches.

 

Reference:

 

[1]

 

https://www.accenture.com/us-en/insights/security/cost-cybercrime-study

 

Sources:

 

https://www.csoonline.com/article/2120384/what-is-iam-identity-and-access-management-explained.html

 

https://www.beyondtrust.com/blog/entry/what-is-identity-and-access-management-and-why-is-it-a-vital-it-security-layer

https://www.cybersecuritycloudexpo.com