The Current State of Identity and Access Management
In today's environment, there are countless risks, technologies and focus areas for you to consider when building a robust security program. Identity should not be neglected in these considerations. Identity and access management (IAM) ensures the right people and devices have the right access at the right time.
Without proper identity management, the best security tools in the world won't protect your data from inappropriate access. If you can't properly identify and authenticate the users accessing your information, attackers can easily impersonate privileged users. With the traditional "walls" around business disappearing, identity has become the new perimeter.
We've all heard the big trends in IT and security over the past few years: cloud, Internet of Things, BYOD and digital transformation, among others. The clear result of these trends is that traditional perimeter-based network defense is no longer sufficient. Employees, partners and customers expect to be able to access information regardless of their location or device, which means that identity is more important now than ever before.
Inappropriate access to data is a primary security concern for a multitude of reasons. The most obvious is the variety of regulations that enforce the protection of personal information, such as PCI, HIPAA and GDPR. Data breaches that run afoul of these regulations can result in huge fines, not to mention the loss of reputation that the business suffers. In addition, many companies rely on their proprietary information and knowledge to maintain a competitive edge. This data is also a clear target for attackers.
To fully protect your business, a robust IAM program should be the backbone of your security program. WWT considers the following five areas to be the pillars of a complete identity program:
- lifecycle and governance;
- privileged access management;
- single sign-on and multi-factor authentication;
- network access control; and
- encryption (certificate and key management).
It can be difficult and expensive to implement all five pillars of identity, especially if you take a "boil the ocean" approach and try to implement all of them simultaneously across your enterprise. Instead, you should start small to build momentum and confidence.
Simply adding multi-factor authentication to access your internal network is a relatively inexpensive and easy way to add a great deal of security, even if you must deal with a bit of initial pushback from your users.
The IT world is constantly evolving, and with that comes an ever-changing environment for security professionals to contend with. As security professionals, we must also constantly evolve to keep pace with the world around us.
It can be both exciting and terrifying. What we can be sure of is that identity and access management will continue to be of key importance in fighting malicious actors and protecting sensitive data.
RSA Conference 2020 is coming up at the end of February. It will be interesting to learn even more about emerging trends, technologies and strategies from the perspective of some of the industry's security leaders. You can look forward to a post-conference overview from the WWT security experts, in which we will share what we identified as the key takeaways from the conference.
It is no easy task to properly design and implement each pillar in a complete identity program, but WWT has the experience and expertise to assist in this endeavor, as well as other efforts related to information security. Feel free to connect with me or any of the professionals listed on this site if you would like to learn more about how we can help.
Make sure to follow our IAM topic for the latest on identity and access management.