CIOReview

IAM - An Information Security Enabler

Tim Skinner, Director Information Security, BlueCross BlueShield of Tennessee

Summary

Identity and Access Management has become a key security program for supporting new and ever-changing business and technology needs with the right amount of security. As each organization defines its appetite for risk and how much it is willing to pay for it, it must ensure that the foundational security processes and technology are in place to deliver. As our organizations develop and deliver new and creative solutions, they can inadvertently create new blind spots within our security and IAM programs. If your security team lacks visibility or awareness of these solutions, unacceptable or unknown risk is likely being introduced to your organization. There are new technology standards, tools, and architectures needed that many traditional IAM programs may not have. If your organization has not recently done an IAM strategy and gap analysis for your IAM program, now is the time.

Common IAM Blind-Spots

Cloud Identity

Applications and infrastructure are moving to the cloud. Maybe a little at a time, perhaps all at once, and perhaps even without Information Security knowing about it. Workforce and customer identities, as well as data access control, need to extend to the cloud environments to support this. Many traditional tools may not be up to the task.

• Integrating workforce and customer identity lifecycle with and across various cloud services, applications, and platforms.
• Technical identity standards support (SCIM, SAML, OAuth, OpenID, FIDO, etc.)
• Data security and data loss prevention
• Authentication and privileged account management

Customer Identity

Customer identities are managed in a very different way than workforce identities, and many organizations don't consider this to be a part of the IAM program. Businesses increasingly want to give their customers more control over the security and use of their information, access, and authentication methods. Make CIAM a part of your IAM program to limit risk to the organization by providing secure solutions that support your business's customer security objectives. Customer identity is focused on customer choices rather than prescriptive control.


• Data access and release authorization
• Social login – using your Gmail account for authentication
• Multi-factor authentication
• Password-less authentication and authentication tokens
• Self-service and profile management
• Risk-based authentication

Zero Trust

With increasingly mobile workforces, BYOD and IoT, third-party service providers, off-shore contractors, and cloud computing, our corporate networks are starting to look a lot more like the internet. Which side of the firewall your users are on is much less important than who they are and what they should have access to. A new paradigm is gaining momentum, and it is based on leveraging user identities to establish the security perimeter of your systems.

• Verify everything, trust nothing
• Automated identity lifecycle management for internal and external users
• Role-based access control and attribute-based access control
• Multi-Factor authentication enforcement for privileged accounts
• Risk-based authentication and user behaviour analytics
• Network micro-segmentation

With all these factors playing a significant role in organizations, enterprises should strive to raise their security standards and make their IAM programs an extra layer of protection against unknown security vulnerabilities and cybersecurity breaches. Only with a robust IAM infrastructure can we ensure consistent and standard access rules and policies across organizations.
