The role of identity and access management to help to balance user experience and security is not new, but events of the past year—and the year ahead—are giving it increased emphasis.
The shift to remote work and hybrid workforces has highlighted IAM’s role in safely empowering employees and improving productivity, says Dhruva Suthar, director of security software and services at IBM Canada.
With increased digital customer engagement, it has become key to creating frictionless experiences while protecting personal information, she added.
Mini-conference: MODERNIZING YOUR IAM: July 7
Suthar will be just one of several experts sharing their thoughts on the development and implementation of IAM during Modernizing Identity and Access Management, a 90-minute interactive session that serves as a kick-off to ITWC’s annual Digital Transformation Conference.
Cyberattacks increasing in volume, velocity, and sophistication
The cybersecurity threat landscape remains a growing challenge for both private and public sector organizations, says cybersecurity consultant Maher Chaar, a specialist in IAM and identity, credential, and access management (ICAM).
The financial incentive of cybercrime and current permissive environments have allowed bad actors to flourish and increased the volume, velocity and sophistication of their attacks, he says. With the focus of many attacks is on security weak points such as compromised credentials, IAM has increased strategic importance.
The tidal wave in new attacks comes as privacy is becoming ever-more crucial, as demonstrated by legislation like the EU’s General Data Protection Regulation. The average security breach costs nearly $4 million, but the average cost of one GDPR breach skyrockets to about $230 million, according to Suthar.
With more sophisticated attacks targeting weaknesses in remote work situations, perimeter-based security controls are becoming less effective, Chaar says, driving more organizations to implement zero trust security models as they focus on identity across more than end user access, but also around IoT and hybrid environments.
Identity and zero trust
To build digital resiliency and protect digital assets, organizations are adopting zero trust models, agrees Shivhare. Identity is at the core of the zero trust model and the common denominator for access to network applications and enterprise resources. This has made the adoption of modern IAM solutions such as lifecycle management, single sign-on, multifactor authentication, and role-based access the “table stakes.”
Organizations need to move beyond these stakes, adopting solutions that provide context and adaptive access control.
With Bill C-11 before the federal government and Québec’s Bill 64 to amend data protection legislation, Canadians are expecting organizations to have stronger capabilities for privacy, content management, identity, security, compliance, and reporting, he says. As such, more advanced IAM solutions—such as bring your own identity, progressive profiling—are growing in importance.
Eating the Elephant
As the adage goes, there is only one way to eat an elephant: a bite at a time. One significant area that organizations run into challenges when deploying IAM is taking a monolithic approach that bites off more than they can chew.
It is better, Chaar suggests, to create a strategic roadmap broken into what he calls “fightable chunks of work.” Start with something manageable you can focus on and expand from there, rather than defining and deploying a massive program in one shot.
Yogesh Shivhare, a senior IDC security analyst who will also be speaking at the conference, said research conducted at the height of the pandemic indicates delivering on digital resiliency is the biggest priority for companies working toward recovery..
Hear more expert insights, learn about customer identity and access (CIAM) and applying zero trust, and more: Attend Modernizing Identity and Access Management – July 7