Moving beyond cybersecurity table stakes with IAM

The role of identity and access management to help to balance user experience and security is not new, but events of the past year—and the year ahead—are giving it increased emphasis.

The shift to remote work and hybrid workforces has highlighted IAM’s role in safely empowering employees and improving productivity, says Dhruva Suthar, director of security software and services at IBM Canada. 

With increased digital customer engagement, it has become key to creating frictionless experiences while protecting personal information, she added.

Mini-conference: MODERNIZING YOUR IAM: July 7 

 Suthar will be just one of several experts sharing their thoughts on the development and implementation of IAM during Modernizing Identity and Access Management, a 90-minute interactive session that serves as a kick-off to ITWC’s annual Digital Transformation Conference.

Cyberattacks increasing in volume, velocity, and sophistication

The cybersecurity threat landscape remains a growing challenge for both private and public sector organizations, says cybersecurity consultant Maher Chaar, a specialist in IAM and identity, credential, and access management (ICAM). 

The financial incentive of cybercrime and current permissive environments have allowed bad actors to flourish and increased the volume, velocity and sophistication of their attacks, he says. With the focus of many attacks is on security weak points such as compromised credentials, IAM has increased strategic importance.

The tidal wave in new attacks comes as privacy is becoming ever-more crucial, as demonstrated by legislation like the EU’s General Data Protection Regulation. The average security breach costs nearly $4 million, but the average cost of one GDPR breach skyrockets to about $230 million, according to Suthar. 

With more sophisticated attacks targeting weaknesses in remote work situations, perimeter-based security controls are becoming less effective, Chaar says, driving more organizations to implement zero trust security models as they focus on identity across more than end user access, but also around IoT and hybrid environments.

Identity and zero trust

To build digital resiliency and protect digital assets, organizations are adopting zero trust models, agrees Shivhare. Identity is at the core of the zero trust model and the common denominator for access to network applications and enterprise resources. This has made the adoption of modern IAM solutions such as lifecycle management, single sign-on, multifactor authentication, and role-based access the “table stakes.”

Organizations need to move beyond these stakes, adopting solutions that provide context and adaptive access control.

With Bill C-11 before the federal government and Québec’s Bill 64 to amend data protection legislation, Canadians are expecting organizations to have stronger capabilities for privacy, content management, identity, security, compliance, and reporting, he says. As such, more advanced IAM solutions—such as bring your own identity, progressive profiling—are growing in importance.

Eating the Elephant

As the adage goes, there is only one way to eat an elephant: a bite at a time. One significant area that organizations run into challenges when deploying IAM is taking a monolithic approach that bites off more than they can chew. 

It is better, Chaar suggests, to create a strategic roadmap broken into what he calls “fightable chunks of work.” Start with something manageable you can focus on and expand from there, rather than defining and deploying a massive program in one shot.

Yogesh Shivhare, a senior IDC security analyst who will also be speaking at the conference, said research conducted at the height of the pandemic indicates delivering on digital resiliency is the biggest priority for companies working toward recovery..

Hear more expert insights, learn about customer identity and access (CIAM) and applying zero trust, and more:  Attend Modernizing Identity and Access Management – July 7 

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Lawrence Cummer
Lawrence Cummer
Lawrence ("Law") Cummer is a Toronto-based freelance writer and editor who's followed the technology trade for two decades. He has a passion for sharing how people can work better, easier—and maybe "smarter"—from technologists to executives to home contractors.

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now