Three IAM Best Practices You Can Start Today

Colin Miles, CTO of Pirean at IT Pro Portal has some advice on what Identity and Access Management actions you can take now to solve the identity challenge without waiting for the industry and world to change. Miles insists there are some big changes in store that could help you out down the road, but if you want to get a handle on your organization’s security today (and trust me, you do), start by following these three steps Miles has provided, reproduced below:

Miles insists there are some big changes in store that could help you out down the road, but if you want to get a handle on your organization’s security today (and trust me, you do), start by following these three steps Miles has provided, reproduced below:

1. Start your Identity and Access Management solution design with the people using it as a focus. By building user-centric solutions and thus empowering the user, you can encourage proper use of your systems and sidestep issues of employees finding quicker, easier, but less secure ways around your supposedly effective IAM solution. You will also need to balance privacy with the security needs of your enterprise as part of this approach.

2. Adopt “intelligent” solutions that take context into account. Your preferred solution should be able to make a complex assessment of the context of user access, requested transactions, and other “variable attributes” in order to determine access privilege, not just a black and white “do you know the password?”

3. Accept that identity as a concept isn’t just about people. The items that people use every day are increasingly becoming important tools for both breaching and securing networks. Establishing identity credentials for those items should be a hallmark of a good Identity and Access Management solution.

At the same time, however, avoid locking yourself into a specific technology or process pathway. The barbarians innovate and evolve, and so should your IAM solution.

As Miles says, you need “adaptable and scalable framework based solutions” to handle your security needs now and prepare for future threats. Help will come in the future, according to Miles, and from several sources at that.

Top-level organizations like the Global Identity Foundation are working “to build new models and frameworks that will realize a new identity vision in the future” with the support of academics and IT vendors. Market forces within the IAM industry will continue to produce innovation as firms seek to displace their competitors, and the success of the long-term thinkers will force the short-term thinkers out (color me skeptical of that last line, though). The online environment itself will even drive positive change, as negative events like massive data breaches draw ever more focus to security and potentially positive events like the widespread and rapid adoption of new consumer approaches make life harder for cyber crooks.

The future is not today, however. The good news is that following the best practices above can help you prepare for those future changes while still securing your network today. I call that a win-win. For Miles’ article on IT Pro Portal, click here.