Partner Insight: Reducing complexity in IAM

clock • 3 min read
Partner Insight: Reducing complexity in IAM

With more and more employees and customers accessing corporate systems and data remotely or on the move, Identity & Access Management (IAM) has become a critical tool for IT decision makers.

IAM is important: organisations must be able to verify the identity of both employees and customers, to ensure they have appropriate levels of access to data and applications, both in the cloud and on premises.

But while IAM is an asset, growing digital complexity can be a challenge. Changing employee roles, device proliferation, application numbers, plus the growth of cloud-based and remote workforces - and customers - can burden the system.

When security and accessibility are the targets, internal complexity gets in the way. Customers and employees alike want low friction, utility levels of service. Neither group wants to jump through endless hoops to access the information they need: it's frustrating and demotivating.

One challenge may be the number of IAM solutions within the enterprise, which has both management and friction implications.

A Computing survey of IT leaders in medium-sized professional organisations found that while over one-quarter of enterprises (27 percent) operate just one IAM application, nearly one-third have two and nearly 25 percent operate three. Twelve percent of respondents said they have four or five separate IAM systems.

A belt-and-braces approach is fine, but such a proliferation of different authentication tools has the potential to create unwanted complexity when it comes to managing the technology. It makes sense to rationalise access management to avoid these problems and have a single enterprise-grade solution.

There are other reasons for doing this. Today's employees have a wealth of different workplace applications at their disposal, which all aid productivity. Having multiple logins eats into that productivity and efficiency. Password fatigue can itself be a challenge.

Employees often reuse passwords for different applications. This makes their lives easier and more productive, but it also increases the risk of an adversary gaining access to multiple systems.

The ideal would be a single, secure, authenticated sign-on to multiple applications, based on recognised user privileges. Our survey findings suggest that IT leaders should adopt an IAM solution that has the broadest and deepest functionality, with the least opportunities to game the system.

Our survey also found that system integration, privileged user management, identity management, acceptance by staff, compliance, data protection, and cost are the biggest challenges for IT teams to overcome, based on managers' responses.

Put simply, IAM adoption has technical, management, and cultural dimensions, which all need to be understood by IT leaders.

Organisations should adopt IAM systems that provide a central control point. The goal is enabling effective, role-based access via a single set of login credentials. But there is more to the technology than that.

Many users see IAM purely in terms of Multi Factor Authentication (MFA), Single Sign On (SSO), or privileged access/user management, but IAM covers a broader architecture, including API access management, user lifecycle management, and hybrid cloud gateways.

However, our survey found that by far the biggest spur for IAM adoption is cyber security in general, with compliance following behind. The security landscape is certainly changing fast, spurred on by the pandemic widening the security perimeters of some organisations.

Endpoint defences are being put under increasing pressure, while sophisticated malware, ransomware, scams, frauds, and phishing attempts are on the rise.

In all these instances, IAM has a central role in minimising risk. Hybrid working patterns demand that enterprises know that users are who they claim to be - and this information needs to be validated often.

Risk can be internal too, for example when employees leave. Deauthorising them from applications is essential for both security and compliance mandates, so IAM solutions should be able to deploy directory services and so bring (auditable) peace of mind.

Integration in complex, hybrid IT estates is a further challenge for IT leaders. Enterprises should look for an IAM solution that is compatible with multiple technologies and can be managed from a single point.

The goal should be integrating new applications with SSO and user management capabilities without spending hours configuring the system

 

This post is funded by Okta

You may also like
Digital transformation falls apart without access management

Strategy

Seamless journeys are crucial to the digital experience

clock 05 December 2022 • 2 min read
Zero trust is addressing hybrid working challenges

Security

IT leaders from legacy institutions and startups are all moving towards least-privilege

clock 01 December 2022 • 5 min read
What to expect at Deskflix: Identity & Access Management?

Security Technology

Learn about regulation, tech developments, system security and remote access.

clock 28 October 2022 • 1 min read
Most read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Law enforcement takes down LockBit - updated

Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Tom Allen
clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Microsoft's chief security advisor joins Cybersecurity Festival 2024

Sarah Armstrong-Smith will talk AI in security

Tom Allen
clock 19 February 2024 • 1 min read
Microsoft announces critical zero-day Exchange bug

Microsoft announces critical zero-day Exchange bug

Enables remote control of Exchange Server

Vikki Davies
clock 16 February 2024 • 1 min read