Industry Voice: Reducing complexity in IAM

clock • 3 min read
Industry Voice: Reducing complexity in IAM

With more and more employees and customers accessing corporate systems and data remotely or on the move, Identity & Access Management (IAM) has become a critical tool for IT decision makers.

IAM is important: organisations must be able to verify the identity of both employees and customers, to ensure they have appropriate levels of access to data and applications, both in the cloud and on premises.

But while IAM is an asset, growing digital complexity can be a challenge. Changing employee roles, device proliferation, application numbers, plus the growth of cloud-based and remote workforces - and customers - can burden the system.

When security and accessibility are the targets, internal complexity gets in the way. Customers and employees alike want low friction, utility levels of service. Neither group wants to jump through endless hoops to access the information they need: it's frustrating and demotivating.

One challenge may be the number of IAM solutions within the enterprise, which has both management and friction implications.

A Computing survey of IT leaders in medium-sized professional organisations found that while over one-quarter of enterprises (27 percent) operate just one IAM application, nearly one-third have two and nearly 25 percent operate three. Twelve percent of respondents said they have four or five separate IAM systems.

A belt-and-braces approach is fine, but such a proliferation of different authentication tools has the potential to create unwanted complexity when it comes to managing the technology. It makes sense to rationalise access management to avoid these problems and have a single enterprise-grade solution.

There are other reasons for doing this. Today's employees have a wealth of different workplace applications at their disposal, which all aid productivity. Having multiple logins eats into that productivity and efficiency. Password fatigue can itself be a challenge.

Employees often reuse passwords for different applications. This makes their lives easier and more productive, but it also increases the risk of an adversary gaining access to multiple systems.

The ideal would be a single, secure, authenticated sign-on to multiple applications, based on recognised user privileges. Our survey findings suggest that IT leaders should adopt an IAM solution that has the broadest and deepest functionality, with the least opportunities to game the system.

Our survey also found that system integration, privileged user management, identity management, acceptance by staff, compliance, data protection, and cost are the biggest challenges for IT teams to overcome, based on managers' responses.

Put simply, IAM adoption has technical, management, and cultural dimensions, which all need to be understood by IT leaders.

Organisations should adopt IAM systems that provide a central control point. The goal is enabling effective, role-based access via a single set of login credentials. But there is more to the technology than that.

Many users see IAM purely in terms of Multi Factor Authentication (MFA), Single Sign On (SSO), or privileged access/user management, but IAM covers a broader architecture, including API access management, user lifecycle management, and hybrid cloud gateways.

However, our survey found that by far the biggest spur for IAM adoption is cyber security in general, with compliance following behind. The security landscape is certainly changing fast, spurred on by the pandemic widening the security perimeters of some organisations.

Endpoint defences are being put under increasing pressure, while sophisticated malware, ransomware, scams, frauds, and phishing attempts are on the rise.

In all these instances, IAM has a central role in minimising risk. Hybrid working patterns demand that enterprises know that users are who they claim to be - and this information needs to be validated often.

Risk can be internal too, for example when employees leave. Deauthorising them from applications is essential for both security and compliance mandates, so IAM solutions should be able to deploy directory services and so bring (auditable) peace of mind.

Integration in complex, hybrid IT estates is a further challenge for IT leaders. Enterprises should look for an IAM solution that is compatible with multiple technologies and can be managed from a single point.

The goal should be integrating new applications with SSO and user management capabilities without spending hours configuring the system


This post is funded by Okta

More on Hardware

Large corporations can save millions of dollars by using open source software - a practice that is legal but, developers argue, immoral

Another open source dev stops support because corporates won't pay

Christofer Dutz is the latest in a series of developers to down tools in protest at corporates' free use of their work

clock 14 January 2022 • 3 min read
Users of open source projects like Amazon's Cloud Development Kit were left flat-footed by the change

Open source developer corrupts own libraries

faker.js and color.js started generating gibberish data after a developer update

clock 10 January 2022 • 2 min read
Industry Voice: Why grabbing the opportunity of IAM is about more than just identity

Industry Voice: Why grabbing the opportunity of IAM is about more than just identity

clock 05 January 2022 • 3 min read