Accelerating Business with Identity and Access Management

How businesses can leverage Identity and Access Management (IAM) to achieve competitive advantage, mitigate security risks and comply with regulations.

Matthew Gardiner

Businesses today depend on the right people being able to access the right IT resources right away. Everyone across the enterprise needs immediate access to a specific set of information systems in order to efficiently do their jobs every day. Ready access can’t be achieved at the cost of security. To protect sensitive corporate data and comply with regulatory mandates, IT organisations must maintain tight control over system access.

This control is made even more challenging by the fact that access to sensitive IT resources must also be provided to a growing number of external users, including customers, suppliers and partners. These outward-facing resources—which are typically Web-based—must also be well-secured, while they are also made readily accessible to support trusted business relationships.

Add the complexity of administering an amalgamation of mainframe, Windows, Linux and Unix systems, and it’s obvious why IAM has become one of the biggest pain-points for a CIO.

When IAM goes wrong

There are several specific downside consequences to poor IAM practices including:

• Higher operational costs: IT organisations that have to put too much effort into setting up user accounts and managing user entitlements will get swamped as the number of users and resources continue to multiply.
• Security risks: Inadequate IAM exposes the business to a variety of serious threats—including identity theft, breaches of customer and employee confidentiality, and information sabotage.
• Regulatory and non-compliance: The advent of Sarbanes-Oxley, HIPAA and Basel II has made it essential to be able to both control and audit access to IT resources with a new level of granularity. Companies that fail to fulfill these mandates will suffer financial consequences and possible damage to their corporate reputations.
• Slower business “reflexes”: Companies that can’t quickly give internal and external constituencies access to the resources they need will find themselves at a continuous disadvantage as they lose productivity, miss opportunities, and deliver promised benefits too slowly. The impact on customer satisfaction can be particularly pronounced as users’ expectations about how quickly companies can grant them access to online services continue to rise.

Smarter IAM

Rather than operating reactively and in a fragmented manner across mainframe, distributed and Web-based systems, IT organisations are beginning to adopt a more unified and pro-active approach. Under this emerging model, user identities are defined according to their business roles.

Once a user’s identity and corresponding business role is established, access to appropriate systems is automatic and immediate. Companies that aggressively implement the tools and processes required to achieve more sophisticated IAM are reaping a wide range of business benefits that include lower administration costs, reduced exposure to information risk, better compliance with regulatory mandates, and faster delivery of value-generating IT services.

Ultimately, however, improved IAM is about getting more value from every technology dollar. If you’re spending less on IT “housekeeping,” you can spend more on things that actually drive competitive advantage. And if you can deliver services where and when they’re needed with greater flexibility, you’ll improve both time-to-benefit and user or customer satisfaction.

IT organisations should therefore carefully re-evaluate the way they currently enable and disable access to their business systems and take immediate steps to automate, unify and streamline their IAM processes.

— By Matthew Gardiner, Senior product marketing manager, Security Management business, CA