The Challenges and Benefits of Identity and Access Management

Bryan Glick at Computer Weekly has a piece out that discusses some of the challenges companies face when they try to implement enterprise IAM solutions, and despite those challenges, why it’s still to your benefit to get that IAM solution in place.
Glick gives the example of government contractor KPMG, where despite all the recent advances in IAM technology, the company still finds itself struggling with identity and access management problems. Specifically, the contractor is having problems with orphan accounts, where user accounts are set up without clear owners; a lack of monitoring and/or review of IAM setups; and the fact “that not all identities and their access privileges are properly approved.”
Here’s an example of that last problem:
A new recruit is simply given the same levels of access as another employee in a similar role – often by “cloning” their account – without realising that the existing staff member has accumulated higher privileges or administration rights over time, that should not be passed on to others.
A fourth challenge is deemed “toxic combinations of access” by a KPMG IAM and Security practitioner, which refers to “situations where individuals are able to use functionality that in itself appears acceptable but, when combined with other privileges, can lead to problems.”
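The account problems described above (orphan accounts, unapproved privileges, cloned accounts that inherit accumulated rights, and toxic combinations) can each be checked mechanically against an entitlement inventory. The Python audit below is an added example, not code from Glick's article or from any IAM vendor; the role baseline, entitlement names, toxic pairs and sample accounts are all constructed assumptions.

```python
# Constructed sample data: the role baseline, entitlement names, toxic pairs
# and accounts below are illustrative assumptions, not from a real system.
ROLE_BASELINE = {"ap_clerk": {"invoice.create", "vendor.view"}}
TOXIC_PAIRS = [
    frozenset({"vendor.create", "payment.approve"}),
    frozenset({"invoice.create", "payment.approve"}),
]
# Each grant maps an entitlement to its approval reference (None = no approval).
ALICE_GRANTS = {"invoice.create": "REQ-1", "vendor.view": "REQ-1",
                "payment.approve": "REQ-7"}  # accumulated over time
ACCOUNTS = [
    {"id": "alice", "owner": "alice", "role": "ap_clerk", "grants": ALICE_GRANTS},
    # New recruit "cloned" from alice: same entitlements, no approvals recorded.
    {"id": "bob", "owner": "bob", "role": "ap_clerk",
     "grants": dict.fromkeys(ALICE_GRANTS)},
    # Account with no clear owner.
    {"id": "svc-report", "owner": None, "role": "ap_clerk",
     "grants": {"vendor.view": "REQ-3"}},
]


def audit(accounts, baseline=ROLE_BASELINE, toxic=TOXIC_PAIRS):
    """Return (account, finding, detail) tuples for each problem detected."""
    findings = []
    for acct in accounts:
        held = set(acct["grants"])
        if not acct["owner"]:
            findings.append((acct["id"], "orphan", "no owner"))
        for ent in sorted(e for e, ref in acct["grants"].items() if not ref):
            findings.append((acct["id"], "unapproved", ent))
        # Anything beyond the role baseline is privilege a clone would inherit.
        for ent in sorted(held - baseline.get(acct["role"], set())):
            findings.append((acct["id"], "excess", ent))
        # Individually acceptable entitlements that must not be combined.
        for pair in toxic:
            if pair <= held:
                findings.append((acct["id"], "toxic", " + ".join(sorted(pair))))
    return findings


if __name__ == "__main__":
    for account, finding, detail in audit(ACCOUNTS):
        print(f"{account:<12}{finding:<12}{detail}")
```

Provisioning a new recruit from the role baseline instead of from a colleague's account removes both the "excess" and the "toxic" findings for the cloned account.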
According to Glick, all of this complexity is for the most part invisible to the business side of the organization, and it is only compounded by the growing complexity of the modern IT environment. That can make getting buy-in from the business difficult, but that buy-in is still essential to the success of whichever IAM solution you go with, he writes.
Despite all these challenges, when IAM is done right it can be a powerful tool for businesses to not only maintain security but also to improve the performance of lines of business. Glick uses the example of Gatwick Airport in the UK, which went with Okta for its IAM solution:
“The other thing that Okta enables is to create a SaaS applications portal. You log in once with your Gatwick credentials and access a range of single sign-on applications. That means we can federate with our partners – EasyJet, British Airways, Menzies, and so on – and, if they have Active Directory Federation Services (ADFS), we can integrate with them, and offer access to our applications via their own Active Directory. We can grant them permission through Okta to access some of our applications.”
Those new capabilities should improve efficiency and service delivery to customers for the airport and its airlines.
In other words, make a business case to the business for why IAM is such a necessity, not just a security case.
For Glick’s piece at Computer Weekly, click here.