CIOReview

IAM - An Information Security Enabler

Tim Skinner, Director Information Security, BlueCross BlueShield of Tennessee

Summary

Identity and Access Management has become a key security program for enabling new and ever-changing business and technology needs with the right amount of security. As each organization defines its appetite for risk and how much it is willing to pay for it, it must ensure that the foundational security processes and technology are in place to deliver. As our organizations develop and deliver new and creative solutions, they can inadvertently create new blind spots within our security and IAM programs. If your security team lacks visibility or awareness of these solutions, unacceptable or unknown risk is likely being introduced to your organization. There are new technology standards, tools, and architectures needed that many traditional IAM programs may not have. If your organization has not recently done an IAM strategy and gap analysis for your IAM program, now is the time.

Common IAM Blind-Spots

Cloud Identity

Applications and infrastructure are moving to the cloud. Maybe a little at a time, perhaps all at once, and perhaps even without Information Security knowing about it. Workforce and customer identities, as well as data access control, need to extend to the cloud environments to support this. Many traditional tools may not be up to the task.

• Integrating workforce and customer identity lifecycle with and across various cloud services, applications, and platforms.
• Technical identity standards support (SCIM, SAML, OAuth, OpenID, FIDO, etc.)
• Data security and data loss prevention
• Authentication and privileged account management

Customer Identity

Customer identities are managed in a very different way than workforce identities, and many organizations don’t consider this to be a part of the IAM program. Businesses increasingly want to give their customers more control over the security and use of their information access and authentication methods. Make CIAM a part of your IAM program to limit risk to the organization by providing secure solutions that support your business's customer security objectives. Customer identity is focused on customer choices rather than prescriptive control.

• Data access and release authorization
• Social login – using your Gmail account for authentication
• Multi-factor authentication
• Password-less authentication and authentication tokens
• Self-service and profile management
• Risk-based authentication

Zero Trust

With increasingly mobile workforces, BYOD and IoT, third-party service providers, off-shore contractors, and cloud computing, our corporate networks are starting to look a lot more like the internet. Which side of the firewall your users are on is much less important than who they are and what they should have access to. A new paradigm is gaining momentum, and it is based on leveraging user identities to establish the security perimeter of your systems.

• Verify everything, trust nothing
• Automated identity lifecycle management for internal and external users
• Role-based access control and attribute-based access control
• Multi-factor authentication enforcement for privileged accounts
• Risk-based authentication and user behaviour analytics
• Network micro-segmentation

With all these factors playing a significant role in organizations, enterprises should strive to raise their security standards and make their IAM programs an extra layer of protection against unknown security vulnerabilities and cybersecurity breaches. It is only with a robust IAM infrastructure that we can ensure consistent and standard access rules and policies across organizations.
