by Bhavdip Rathod, IAM Solution Architect, Sailpoint Technologies, Inc
In today’s digitally enabled world, Identity and Access Management (IAM) plays a critical role in any enterprise security plan, as it is inseparably linked to the security and productivity of companies. As more and more businesses store their sensitive data electronically, ensuring that this data remains secure is critical. The rapid transformation to the digital world has cut across all organizations and industries and has required changes to how companies manage their workforce and, ultimately, how they deliver access to their critical applications and data. The workforce itself has also evolved from a simple to a far more complex labor force. In addition to providing access to employees, organizations now also need to include contractors, vendors and partners, each with their own set of access requirements and restrictions. Furthermore, data and applications spread across cloud, on-premises and hybrid infrastructures are being accessed by a variety of devices, including tablets, smartphones and laptops. Identity and Access Management is a cyber/information security discipline that ensures that the right people have appropriate access to the organization’s critical systems and resources at the right time. IAM brings together three major pillars: identification, authentication and authorization.
When a user tries to access any system or resource, he or she first enters a username as the very first step of identity verification. The system then verifies the user’s identity via the authentication process. Authentication can be done via a basic knowledge-based mechanism such as a password, or more advanced techniques can be used, such as multi-factor authentication (MFA) or biometrics. Once the system successfully completes the authentication process, the IAM system initiates the authorization process to ensure that the logged-in user is only allowed to perform the tasks he or she is entitled to as part of their job function, based on the pre-defined security policies in the IAM system (e.g. a developer should not be allowed to have admin rights on a production system). The fact that a user proves his or her identity is not enough to gain access.
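The three steps above, as an added illustration that is not part of the original article: a minimal identify, authenticate, authorize flow in Python. The identity store, password salts and the role policy (developers get admin rights in dev only, never in production) are constructed for this example; only the password factor is modelled, MFA is omitted.

```python
import hashlib
import hmac
import secrets

def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so stored credentials are not reusable if the store leaks."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_record(password: str, role: str) -> dict:
    salt = secrets.token_bytes(16)          # per-user random salt
    return {"salt": salt, "pw_hash": _hash_password(password, salt), "role": role}

# Constructed identity store (username -> credential record and job role).
IDENTITY_STORE = {
    "alice": _make_record("correct horse", "developer"),
    "bob":   _make_record("battery staple", "sysadmin"),
}

# Constructed authorization policy: role -> allowed (action, environment) pairs.
# Developers may administer dev, but production admin is reserved for sysadmins.
POLICY = {
    "developer": {("deploy", "dev"), ("admin", "dev"), ("read", "production")},
    "sysadmin":  {("admin", "dev"), ("admin", "production"), ("read", "production")},
}

def authenticate(username: str, password: str) -> bool:
    """Step 2: verify the claimed identity; constant-time compare avoids timing leaks."""
    record = IDENTITY_STORE.get(username)
    if record is None:
        return False
    candidate = _hash_password(password, record["salt"])
    return hmac.compare_digest(record["pw_hash"], candidate)

def authorize(username: str, action: str, environment: str) -> bool:
    """Step 3: an authenticated user may only do what their role's policy permits."""
    role = IDENTITY_STORE[username]["role"]
    return (action, environment) in POLICY.get(role, set())

def access(username: str, password: str, action: str, environment: str) -> str:
    """Full flow: identification (username) -> authentication -> authorization.
    Returns the decision so callers can log the reason for an audit trail."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action, environment):
        return "denied: not authorized"
    return "granted"
```

A successful login on its own never yields access: `access("alice", "correct horse", "admin", "production")` authenticates but is still denied by policy.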
Effective IAM infrastructure and solutions help enterprises establish secure, productive and efficient access to technology resources across these diverse systems while delivering several key benefits:
Enhanced Data Security: Consolidating authentication and authorization capabilities on a single centralized platform provides business and IT professionals with a streamlined and consistent method of managing user access throughout the identity lifecycle within an organization. For example, when users leave a company, a centralized IAM solution gives IT administrators the ability to revoke their access with the confidence that the revocation will take place immediately across all the business-critical systems and resources integrated with it. This ensures that no lingering access stays with terminated users and hence significantly improves the overall information security posture of the company.
Reduced Security Costs: Having a centralized IAM platform in an organization to manage all users and their access allows IT to perform their work more efficiently. In today’s world, each employee has access to thousands of systems and resources as part of their job. Imagine an IT administrator having to grant access to each of these systems manually when an employee joins the company, and then again having to revoke access from each system manually when the user leaves the organization: it would be a nightmare for IT staff and a huge monetary overhead for the company to maintain these onboarding and off-boarding processes. An efficient centralized IAM solution addresses this challenge directly, which results in huge savings of time and money for the company. A comprehensive IAM solution can reduce overall IT costs by automating identity processes that consume IT resources, such as onboarding, password resets and access requests, eliminating the need for help desk tickets or calls.
Least Privilege Principle: Least privilege is an important practice of computer and information security for limiting users’ access privileges to the bare minimum rights they need to perform their job duties. With 77% of data breaches involving an insider, it is necessary to ensure that access to all your corporate resources is secured and granted using the least privilege principle. In a company, it is common for employees to move across different roles in the organization. If the granted privileges are not revoked as the employee changes roles, those privileges accumulate, and this situation poses a great risk for many reasons. It makes that user an easier target for attackers, as his or her excessive rights can be an easier gateway for criminals to reach a broader part of the company’s critical systems and resources. Or it can eventually turn into an insider threat, where a person gains the ability to commit data theft. Sometimes companies forget to remove these excessive privileges from a user’s profile when he or she leaves the company, resulting in a security risk where the user can still access the company’s systems freely even after termination. A well-designed centralized IAM solution can help organizations eliminate the insider threat challenge by applying the Least Privilege Principle to a great extent.
Enterprise IT Governance: Taking compliance regulations around the world such as HIPAA, SOX and the upcoming EU GDPR (General Data Protection Regulation) into account, a lack of effective identity and access management poses high risks to compliance. On March 1, 2017, the state of New York’s Department of Financial Services (NYDFS) new cybersecurity regulations went into effect. The regulations prescribe many requirements for the security operations of financial services companies that operate in New York, including the need to monitor the activities of authorized users and maintain audit logs, something identity and access management systems typically do. Modern IAM solutions and products provide the ability to enforce user access policies, such as separation-of-duty (SoD), and establish consistent governance controls, eliminating access violations or over-entitled users through automated governance controls. This ensures companies stay compliant with business and government compliance and regulatory standards. Not adhering to these standards could cost companies millions of dollars in penalties.
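The three governance failures described above (lingering access after termination, privileges accumulating across role changes, and separation-of-duty conflicts) can be detected from entitlement data alone. The following Python is an added example, not the article’s or any product’s code; the role baselines, SoD rules and the identities in `build_sample()` are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed baseline: the entitlements each job role is supposed to carry.
ROLE_BASELINE = {
    "developer":        {"git-push", "dev-admin"},
    "release-manager":  {"prod-deploy"},
    "accounts-payable": {"create-vendor", "ap-read"},
    "treasury":         {"approve-payment", "ap-read"},
}

# Constructed separation-of-duty rules: pairs one person must never hold together.
SOD_RULES = [("create-vendor", "approve-payment"), ("git-push", "prod-deploy")]

@dataclass
class Identity:
    name: str
    role: str
    status: str                       # "active" or "terminated"
    entitlements: set = field(default_factory=set)

    def change_role(self, new_role: str, revoke_old: bool = True) -> None:
        """Mover event. revoke_old=False models the accumulation the article warns about."""
        if revoke_old:
            self.entitlements -= ROLE_BASELINE[self.role]
        self.role = new_role
        self.entitlements |= ROLE_BASELINE[new_role]

def excess_entitlements(identity: Identity) -> set:
    """Entitlements beyond the current role's baseline: least-privilege violations."""
    return identity.entitlements - ROLE_BASELINE[identity.role]

def lingering_access(identities: list) -> list:
    """Leaver check: terminated identities that still hold any entitlement."""
    return [i.name for i in identities if i.status == "terminated" and i.entitlements]

def sod_violations(identity: Identity) -> list:
    """SoD check: every toxic pair fully present in one identity's entitlements."""
    return [pair for pair in SOD_RULES if set(pair) <= identity.entitlements]

def governance_report(identities: list) -> dict:
    return {
        "excess":    {i.name: sorted(excess_entitlements(i)) for i in identities if excess_entitlements(i)},
        "lingering": lingering_access(identities),
        "sod":       {i.name: sod_violations(i) for i in identities if sod_violations(i)},
    }

def build_sample() -> list:
    """Constructed scenario: two movers whose old rights were never revoked, one missed leaver."""
    carol = Identity("carol", "developer", "active", set(ROLE_BASELINE["developer"]))
    carol.change_role("release-manager", revoke_old=False)     # keeps git-push, gains prod-deploy
    dave = Identity("dave", "accounts-payable", "active", set(ROLE_BASELINE["accounts-payable"]))
    dave.change_role("treasury", revoke_old=False)              # create-vendor + approve-payment
    erin = Identity("erin", "developer", "terminated", {"git-push"})   # off-boarding missed
    return [carol, dave, erin]
```

Running `governance_report(build_sample())` flags Carol and Dave for both excess entitlements and SoD conflicts, and Erin for lingering access; the same mover processed with `revoke_old=True` produces no findings.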
The world has witnessed an alarming trend in security data breaches (e.g. Yahoo, Equifax, LinkedIn, Target, etc.) every year, which are both larger in scope and increasingly devastating. Businesses must be able to guard themselves from these cyber threats within the company and from the unknown exposure points of the internet. Identity and access management provides a critical security layer against these unknown security vulnerabilities to protect companies from cybersecurity data breaches. A robust IAM infrastructure can ensure consistent and standard access rules and policies across an organization by providing an important additional layer of protection.
All of these reasons prove the relevance of Identity and Access Management (IAM) to business success and productivity, and why organizations should embrace comprehensive IAM processes and infrastructure.
About the Author
Bhavdip Rathod is an Identity and Access Management Solution Architect at Sailpoint Technologies, Inc. Bhavdip is an experienced cyber security technologist and architect with extensive experience in Identity and Access Management. He is primarily responsible for providing innovative solutions to companies in the field for their most complex challenges in the IAM and cyber security areas, to strengthen their security infrastructure and prevent potential cyber and data breaches.
He has a strong understanding and in-depth experience of Identity and Access Management (IAM) frameworks and industry best practices. Bhavdip has served as an SME and Expert Advisor on the largest and most complex IAM implementations for various retail, financial, healthcare and manufacturing organizations in the last 10 years.
Bhavdip serves as an IAM Expert Advisor and speaker at various IAM user groups and conference events. Bhavdip holds a Master of Science degree with Commendation from the University of Hertfordshire in the UK.