“The Telephone did not come into existence from the persistent improvement of the postcard.” Constant morphing of the technology landscape demands an appropriate answer from IAM.
While IAM tools are always developing, they must now start adapting more appropriately to the threat and disruption landscape. Traditional tools lack the ability to keep up with things like multiple user populations and risk management and must properly intercept cloud applications that are accessed on the go; emerging disruptions which are organic evolutions in business IT processes.
Security Professionals Must Apply Intelligence to Deal with Constantly Changing Threats
It is one thing to update tools to deal with threats after they emerge, but the threat landscape is changing very rapidly with new types of malware and fraud methods created every day. IAM tools must now preemptively protect against new threats, updating virus definitions and addressing new fraud methods on zero day. This is an uphill battle.
IAM Policy Management Costs Are Much Higher When Supporting Multiple User Populations
Most security teams use different IAM instances for customers, partners, and employees. To maintain a secure environment, they must design, implement, test and maintain IAM policies in all 3 environments. This results in a huge number of policy artifacts which ultimately costs a bomb. IAM tools of today must be able to handle multiple populations more easily, bringing down policy management costs.
IAM Tools Aren’t Incorporating Risk Assessment
Access Management, Identity Governance and Identity Administration architectures are not typically built to allow for risk management integration. Risk metrics, business intelligence and analytics are now a requirement for enterprise tools. Particularly in IAM, the room for utilizing risk assessment tools is enormous, and today’s requirement equally so. When a manager isn’t informed of the risk level of an access request from a particular role, or when orphan accounts are detected only in cycles rather than as and when it reaches orphan status, security is compromised. Modern tools must incorporate risk assessment to thwart threats where they stand.
BYOD Culture Means Unlogged Access
The BYOD (bring your own device) culture that has swept the world leaves significant security vulnerabilities in its wake. One such threat is the inability of Single Sign-on (SSO) systems to log accesses made from outside the corporate network. Typically, users don’t sign in using SSO when working from home or from coffee shops, they use the native login. This circumvents the security offered by SSO, and user data is also left inaccurate. Today’s IAM solutions must provide an effective way for forced SSO authentication to keep up with the BYOD culture.
The threat landscape is constantly mutating at an alarming pace. Technological disruption such as the BYOD culture and the need for risk metrics is also at an all-time high. Traditional IAM tools do not consider all this. It is now time for them to do so.