Identity and access management lays the foundations for trusted environments. It is essential that companies move to an identity-centric approach to user and systems protection, where the focus is on authentication to reduce risk, rather than relying on the current mechanisms of perimeter control and detection.
Ongoing moves to internet-based business processes and collaboration frameworks mean it is not a question of if, but when, enterprises must implement integrated security systems that are based on the principles of identity and trust.
Whoever we are, whatever our role within an organisation, we all make use of our identities to authenticate ourselves to public and private information services. We make systems requests, we pay for goods and services, and we add to the information silos that commercial organisations maintain.
Business success and efficiency are empowered by the availability of information - and the most significant challenge organisations face is one of control. There is a need to build trusted environments where the identity of each user can be proved before access rights are granted.
Trusted environments where customers and citizens can gain on-request access to personal and account information, without risk of identity theft; where employees are able to gain unencumbered access to corporate networks, systems and applications, irrespective of where their chosen place of work happens to be; and where business partners and suppliers can be provided with certified access channels to collaborative information sources.
These are the goals that have been set for identity and access management, and these are the levels of achievement that software providers need to aspire to.
The real value-to-business proposition that the integrated use of identity and access management can deliver comes from the technologies' ability to deal with all the key identity, sign-on, authentication, provisioning, access control and administration issues, and to deliver these as a service that can meet the needs of all user groups.
The components each organisation selects can vary significantly. What is seen as a key authentication tool in one area of a business may be seen as overkill in another.
The primary role of identity and access management is twofold: it is about achieving a balance between the information protection needs of an organisation and its users, while servicing the access rights that are needed to support the efficient delivery of normal activities.
Identity and access management is about protecting business systems and their users, and at the same time protecting business systems from their users.
● Andy Kellett is senior research analyst at Butler Group. He will be part of the expert panel on identity management at Infosecurity Europe