11 Mar 2011
Most identity and access management (IAM) projects struggle to achieve their objectives, according to analyst firm Gartner.
It argues that companies should get away from basing their IAM projects around technologies and applications and instead make them part of an overall business strategy.
"Between half and two-thirds of organisations attempting to establish a truly-effective IAM programme approach it in the wrong way," said Earl Perkins, research vice president at Gartner.
Identity and access management specialist Courion explained that problems often stem from a disconnect between IT and the business.
"Traditionally an IT department will store its IAM data in an incredibly complex IT language that is incomprehensible to anyone else," said Kurt Johnson, vice president strategy at Courion.
"The business people are just as bad, it's all tribal knowledge carried around in their heads. They might think, 'I know Martin, he's been working for me for years, I know what he has access to'."
He added that often this knowledge is never documented, and the first step towards a successful IAM implementation is to formally capture this information.
"You need to map the business speak with the IT entitlements to help people define policies and roles. In its simplest form, what should people have access to?"
Johnson stated that it is also important to understand where the strictest controls need to be.
"Then you need to assess the risk, where do the strongest access controls need to be in place? What are the highest risk applications? We don't care about the SharePoint site tracking your favourite football club, but do about the ones handling trade secrets and financial data."
A project built on these fundamentals will have a far better chance of success, according to Courion.
The reason business and IT have a disconnect around Identity and Access Management (IAM) is because IAM is seen as a security control, rather than enabling agile business models. So before you start, business and IT are talking different languages.
IAM can be directly relevant to achieving competitive advantage. It allows you to set up trust relationships with customers and partners very quickly and opens up the flow of information in a secure and appropriate way.
It is the key to making the most of new technologies such as the cloud, personal devices (like Ipads, smart phones or personal PCs), portals and cloud based applications such as Salesforce.com.
If business started seeing IAM as the mechanism for making sure the right people can get access to the right information, at the right time, IAM projects would be better focused and gain greater business sponsorship.
Posted by: Tim Dunn 15 Mar 2011
Have your say on this article
Newsletters
Latest stories from Security
Latest videos
You may also like
Security jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
