Cloud and BYOD increase demand for automated IAM systems
The growth of cloud service applications and BYOD (bring your own device, meaning the use of personal devices at work) is spreading identities and access rights across the enterprise, increasing the pressure on organizations to implement perimeter defenses that ensure secure access to sensitive information. According to a survey conducted by Symantec and the Cloud Security Alliance at the CSA Summit last winter, 90% of institutions believe that controlling who has access to which cloud application is one of the most important factors affecting cloud applications.
It is also a complex and potentially expensive factor.
For example, imagine an organization that uses Salesforce cloud services for its CRM applications and also allows employees to access Salesforce using a personal mobile device. If an employee leaves the organization, the IT department must revoke the network access rights of that employee. However, this organization should also turn off the right of that employee to access Salesforce. Otherwise, the former employee will continue to have access to valuable customer information. For many organizations, this is still a time-consuming manual process.
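The offboarding gap described above can be checked by reconciling the HR roster against each system's account export. The following is an added example, not part of the original article; the roster, the account lists, the system names and the function name are all constructed for illustration.

```python
from datetime import date

# Constructed HR roster: employee id -> termination date (None = still employed).
HR_ROSTER = {
    "e1001": None,
    "e1002": date(2024, 3, 1),
    "e1003": date(2024, 3, 15),
}

# Constructed per-system account exports: (account name, owner employee id, active flag).
ACCOUNTS = {
    "network": [
        ("alice", "e1001", True),
        ("bob", "e1002", False),      # network access revoked on departure
        ("carol", "e1003", False),
    ],
    "crm": [
        ("alice@example.com", "e1001", True),
        ("bob@example.com", "e1002", True),         # CRM access never switched off
        ("carol@example.com", "e1003", False),
        ("shared-sales@example.com", None, True),   # no owner on record
    ],
}


def find_stale_accounts(roster, accounts, today):
    """Return sorted (system, account, reason) findings for accounts that should not be active."""
    findings = []
    for system, rows in accounts.items():
        for name, owner, active in rows:
            if not active:
                continue  # already disabled, nothing to revoke
            if owner not in roster:
                findings.append((system, name, "no owner in HR roster"))
                continue
            left = roster[owner]
            if left is not None and left <= today:
                days = (today - left).days
                findings.append((system, name, f"owner left {days} days ago"))
    return sorted(findings)


if __name__ == "__main__":
    for system, name, reason in find_stale_accounts(HR_ROSTER, ACCOUNTS, date(2024, 4, 1)):
        print(f"{system:8} {name:28} {reason}")
```

Run daily against fresh exports, a check like this surfaces the former employee who lost network access but kept the CRM login, along with accounts that have no accountable owner.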
As more and more resources and data migrate into the cloud, where a wide variety of devices can access them, the traditional security concept of securing the perimeter and the endpoints is beginning to crumble. The perimeter is no longer a clear boundary; it has become an increasingly ambiguous concept. This creates a new and attractive role for identity and access management (IAM), which focuses on the identity lifecycle and access control.
As Chris Zannetos, the CEO of specialist IAM vendor Courion, said, the goal of an IAM solution is to ensure that the right people have access to the right resources and that the right people use those resources to do the right thing.
In large enterprises, IAM based on manual processes has become impossible
The larger the organization, the less feasible the manual approach becomes. Dave Fowler, chief operating officer of Courion, points to a financial institution that has key financial assets it must protect, 30,000 employees and about 1000 applications to support.
When the number of employees increases dramatically, Fowler says, the number of identities they have multiplies, and the access to these applications multiplies. Look at the number of connections generated: that's hundreds of millions of relationships. You can't use manual processes to monitor it every day.
Fowler said that configuring access rights and revoking these access rights are equally difficult issues.
"When I start working on a new employee, if I can't automate the process of getting him online, I lose valuable staff hours," Fowler said. "If the process takes 5 or 6 days, it means losing 5 or 6 days of working time. This is not just a matter of efficiency. This can have serious consequences for security and compliance."
For example, in the health care industry, hospitals can bring in hundreds of new residents in one week. Fowler asks, what do they do if they can't get approval for something they need to access in order to do their job? They will eventually bypass the system. Doctors provide their own system access to the residents so they can do their job.
Automating the complexity of IAM
In the past, IAM systems were provided only to the largest enterprises. The reason, Zannetos explains, is not hard to understand: creating an automated and federated system is not an easy task.
First, the computing infrastructure is complex in several ways, Zannetos said. This infrastructure includes many applications, systems and networks. Each computing system has a security model and access controls optimized for that specific system rather than for the entire environment, and it is very difficult to unify these security models and controls. Business is constantly changing, which often means that a single process combines several systems. Think of the ATM: the simple business process of transferring money from your savings account to a checking account through an ATM requires the interaction of applications such as funds transfers, passbook savings accounts, demand deposits, and account-tuning applications, all of which are optimized for their specific functions, not for your transfer through a teller machine.
Second, computing has become the basis of business operations. This means that almost every business activity affects who should access what resources and what they do with that access.
However, IAM systems are now entering the cloud and are being provided in the form of SaaS (software as a service). This has done a lot to popularize IAM systems and to make them available to organizations of all sizes.
"Much of what we see now is the idea that institutions can start from manual systems or from nothing, and they don't have to spend a lot on upfront expenses," Fowler said. "They can pay monthly: it's operating expenses, not capital spending. This is attractive to institutions. They get the best practices of all the institutions that have done this before. They don't have to learn to do the identity and access management thing again. They don't have to have any experience. They are able to take part in the same way as some more advanced institutions, without having to hire experts to do it."