Four Tips for an Effective Identity and Access Management (IAM) Strategy: Analyze, Organize, Automate and Empower

May 25, 2016 | In the News

In a recent report, Gartner noted that IT spending will slow this year as businesses’ focus shifts to growth and cost optimization. The one sector that will not be affected by slowed spending is Identity and Access Management (IAM). IAM is driven by businesses expanding beyond their physical office borders to enable employees to work from anywhere. This trend demands solutions to protect company data by securing employee access points wherever they may be and from whatever device they are using.

With this in mind, I’ve highlighted four important tips for your IT team when implementing or upgrading an IAM strategy.

1. Start by getting insight into current company access rights

Before a company can adequately manage access rights and implement a new strategy, your IT team should understand the full extent of who currently has access to what applications and data within the company. This means you’ll need to run a report to categorize current access rights, analyze which access rights aren’t correct and apply corrective actions.

2. Organize access rights and establish ongoing certification campaigns

Once you have full insight into all users’ access rights – and have added to or revoked any incorrect access rights – it’s important to establish an ongoing certification program to audit, verify and clean your entitlements. This means having a program in place to ensure you know, at all times, who has access to what data, when and where. When evaluating IAM solutions, be sure to look into what automated certification tools they offer. Maintaining massive Excel spreadsheets to manually catalogue access rights is archaic and dangerous.

3. Maintain control of access rights by implementing standardized policies

IT security and HR should always maintain open lines of communication to implement a company-wide access rights policy that automates granting and/or revoking access rights as new employees join the team, contracted employees start and end their term, and as employees leave the company.

It’s important to categorize every single platform and application an employee may use throughout their employment within a company. Moreover, implementing and defining policies using a role model (Role-Based Access Control or “RBAC”) will help you to automate your company’s IAM strategy. Iterate on access rights based on an employee’s locational boundaries, role within the company and anticipated duration with the organization.
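The access report from tip 1 and the role-based policy from tip 3 can be checked against each other automatically. The sketch below is an added example, not code from the article or from any IAM product; the role names, applications, location limit and all records are constructed assumptions.

```python
from datetime import date

# Hypothetical role model (RBAC): role -> applications the role is entitled to.
ROLE_MODEL = {
    "engineer": {"git", "ci", "wiki"},
    "finance": {"erp", "payroll", "wiki"},
    "contractor-dev": {"git", "wiki"},
}
# Hypothetical location boundary: application -> locations it may be used from.
LOCATION_LIMITS = {"payroll": {"NL"}}

# Constructed HR records: role, work location, contract end date (None = open-ended).
HR = {
    "alice": {"role": "engineer", "location": "NL", "end": None},
    "bob": {"role": "finance", "location": "US", "end": None},
    "carol": {"role": "contractor-dev", "location": "NL", "end": date(2016, 3, 31)},
}
# Constructed access-rights report: (user, application) pairs exported from systems.
ACCESS = [("alice", "git"), ("alice", "ci"), ("alice", "erp"), ("bob", "erp"),
          ("bob", "payroll"), ("bob", "wiki"), ("carol", "git"), ("dave", "wiki")]

def review(hr, access, today):
    """Compare actual access with the role model; return (user, app, action, reason)."""
    granted = {}
    for user, app in access:
        granted.setdefault(user, set()).add(app)
    findings = []
    for user in sorted(set(hr) | set(granted)):
        have, rec = granted.get(user, set()), hr.get(user)
        if rec is None:  # account with no matching employee or contractor
            findings += [(user, a, "revoke", "no HR record") for a in sorted(have)]
            continue
        if rec["end"] is not None and rec["end"] < today:  # contract term is over
            findings += [(user, a, "revoke", "term ended") for a in sorted(have)]
            continue
        # Entitled = what the role grants, minus apps barred at this location.
        allowed = {a for a in ROLE_MODEL.get(rec["role"], set())
                   if a not in LOCATION_LIMITS or rec["location"] in LOCATION_LIMITS[a]}
        findings += [(user, a, "revoke", "outside role or location")
                     for a in sorted(have - allowed)]
        findings += [(user, a, "grant", "entitled by role")
                     for a in sorted(allowed - have)]
    return findings

if __name__ == "__main__":
    for finding in review(HR, ACCESS, date(2016, 5, 25)):
        print(*finding, sep="\t")
```

Run on a schedule, the same comparison doubles as the input to a certification campaign: each finding is an entitlement a reviewer must confirm or correct.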

4. Empower your organization to make security everyone’s priority

Last year, an alarming statistic made the internet rounds highlighting that a majority of employees would happily sell company data for the right price. While monetary compensation will always exist and entice some employees to sell data, companies can work to minimize their exposure by educating their teams about security. An ongoing conversation around how outsiders could get access to data and applications through employee accounts will have a lasting impact on how teams go about their daily work in and outside the office walls. Empowering employees to manage risks by running real-time dashboards and certification campaigns to detect irregularities will also ensure everyone feels an individual responsibility to secure a company’s data and applications.

Summary

In an age when data breaches are happening every day, to over 40% of all businesses, it’s imperative to secure access points to data. It’s no longer a matter of if your firewalls will be breached — from inside or out — but when. To lessen the impact of any breach, creating an effective IAM strategy for your business is your best starting point. Managing and monitoring access to data and applications, by role and geolocation, will mitigate the impact of intrusion.

About the Author

Arend is a co-founder and CEO of IDdriven – a company at the forefront of the new breed of Identity and Access Management solutions. Bringing over 30 years of executive experience in growing and leading technology companies, Arend has spent the last decade innovating in the IAM industry. Arend founded IDdriven to address technology gaps he saw in the market, and to bring an affordable, easily deployable IAM solution to businesses of all sizes.

Article via VMBlog