Accelerating Business with Identity and Access Management
How businesses can leverage Identity and Access Management
(IAM) to achieve competitive advantage, mitigate security risks and comply with
Businesses today depend on the right people being able to
access the right IT resources right away. Everyone across the enterprise needs
immediate access to a specific set of information systems in order to efficiently
do their jobs every day. Ready access cant be achieved at the cost of
security. To protect sensitive corporate data and comply with regulatory mandates,
IT organisations must maintain tight control over system access.
This control is made even more challenging by the fact that access to sensitive
IT resources must also be provided to a growing number of external users, including
customers, suppliers and partners. These outward-facing resourceswhich
are typically Web-basedmust also be well-secured, while they are also
made readily accessible to support trusted business relationships.
Add the complexity of administering an amalgamation of mainframe, Windows, Linux
and Unix systems, and its obvious why IAM has become one of the biggest
pain-points for a CIO.
When IAM goes wrong
There are several specific downside consequences to poor IAM practices including:
- Higher operational costs: IT organisations
that have to put too much effort into setting up user accounts and managing
user entitlements will get swamped as the number of users and resources continue
- Security risks:
Inadequate IAM exposes the business to a variety of serious threatsincluding
identity theft, breaches of customer and employee confidentiality, and information
- Regulatory and non-compliance:
The advent of Sarbanes-Oxley, HIPAA and Basel II has made it essential to
be able to both control and audit access to IT resources with a new level
of granularity. Companies that fail to fulfill these mandates will suffer
financial consequences and possible damage to their corporate reputations.
- Slower business reflexes: Companies
that cant quickly give internal and external constituencies access to
the resources they need will find themselves at a continuous disadvantage
as they lose productivity, miss opportunities, and deliver promised benefits
too slowly. The impact on customer satisfaction can be particularly pronounced
as users expectations about how quickly companies can grant them access
to online services continue to rise.
Rather than operating reactively and in a fragmented manner across mainframe,
distributed and Web-based systems, IT organisations are beginning to adopt a
more unified and pro-active approach. Under this emerging model, user identities
are defined according to their business roles.
Once a users identity and corresponding business role is established,
access to appropriate systems is automatic and immediate. Companies that aggressively
implement the tools and processes required to achieve more sophisticated IAM
are reaping a wide range of business benefits that include lower administration
costs, reduced exposure to information risk, better compliance with regulatory
mandates, and faster delivery of value-generating IT services.
Ultimately, however, improved IAM is about getting more value from every technology
dollar. If youre spending less on IT housekeeping, you can
spend more on things that actually drive competitive advantage. And if you can
deliver services where and when theyre needed with greater flexibility,
youll improve both time-to-benefit and user or customer satisfaction.
IT organisations should therefore carefully re-evaluate the way they currently
enable and disable access to their business systems and take immediate steps
to automate, unify and streamline their IAM processes.
By Matthew Gardiner, Senior product marketing manager,
Security Management business, CA