With more and more employees and customers accessing corporate systems and data remotely or on the move, Identity & Access Management (IAM) has become a critical tool for IT decision makers.
IAM is important: organisations must be able to verify the identity of both employees and customers, to ensure they have appropriate levels of access to data and applications, both in the cloud and on premises.
But while IAM is an asset, growing digital complexity can be a challenge. Changing employee roles, device proliferation, application numbers, plus the growth of cloud-based and remote workforces - and customers - can burden the system.
When security and accessibility are the targets, internal complexity gets in the way. Customers and employees alike want low friction, utility levels of service. Neither group wants to jump through endless hoops to access the information they need: it's frustrating and demotivating.
One challenge may be the number of IAM solutions within the enterprise, which has both management and friction implications.
A Computing survey of IT leaders in medium-sized professional organisations found that while over one-quarter of enterprises (27 percent) operate just one IAM application, nearly one-third have two and nearly 25 percent operate three. Twelve percent of respondents said they have four or five separate IAM systems.
A belt-and-braces approach is fine, but such a proliferation of different authentication tools has the potential to create unwanted complexity when it comes to managing the technology. It makes sense to rationalise access management to avoid these problems and have a single enterprise-grade solution.
There are other reasons for doing this. Today's employees have a wealth of different workplace applications at their disposal, which all aid productivity. Having multiple logins eats into that productivity and efficiency. Password fatigue can itself be a challenge.
Employees often reuse passwords for different applications. This makes their lives easier and more productive, but it also increases the risk of an adversary gaining access to multiple systems.
The ideal would be a single, secure, authenticated sign-on to multiple applications, based on recognised user privileges. Our survey findings suggest that IT leaders should adopt an IAM solution that has the broadest and deepest functionality, with the least opportunities to game the system.
Our survey also found that system integration, privileged user management, identity management, acceptance by staff, compliance, data protection, and cost are the biggest challenges for IT teams to overcome, based on managers' responses.
Put simply, IAM adoption has technical, management, and cultural dimensions, which all need to be understood by IT leaders.
Organisations should adopt IAM systems that provide a central control point. The goal is enabling effective, role-based access via a single set of login credentials. But there is more to the technology than that.
Many users see IAM purely in terms of Multi Factor Authentication (MFA), Single Sign On (SSO), or privileged access/user management, but IAM covers a broader architecture, including API access management, user lifecycle management, and hybrid cloud gateways.
However, our survey found that by far the biggest spur for IAM adoption is cyber security in general, with compliance following behind. The security landscape is certainly changing fast, spurred on by the pandemic widening the security perimeters of some organisations.
Endpoint defences are being put under increasing pressure, while sophisticated malware, ransomware, scams, frauds, and phishing attempts are on the rise.
In all these instances, IAM has a central role in minimising risk. Hybrid working patterns demand that enterprises know that users are who they claim to be - and this information needs to be validated often.
Risk can be internal too, for example when employees leave. Deauthorising them from applications is essential for both security and compliance mandates, so IAM solutions should be able to deploy directory services and so bring (auditable) peace of mind.
Integration in complex, hybrid IT estates is a further challenge for IT leaders. Enterprises should look for an IAM solution that is compatible with multiple technologies and can be managed from a single point.
The goal should be integrating new applications with SSO and user management capabilities without spending hours configuring the system
This post is funded by Okta
