Infosecurity preview: Building blocks of trust

Identity and access management is a key issue when building business success

Identity and access management lays the foundations for trusted environments. It is essential that companies move to an identity-centric approach to user and systems protection, where the focus is on authentication to reduce risk, rather than relying on the current mechanisms of perimeter control and detection.

Ongoing moves to internet-based business processes and collaboration frameworks mean it is not a question of if, but when, enterprises must implement integrated security systems that are based on the principles of identity and trust.

Whoever we are, whatever our role within an organisation, we all make use of our identities to authenticate ourselves to public and private information services. We make systems requests, we pay for goods and services, and we add to the information silos that commercial organisations maintain.

Significant challenge

Business success and efficiency is empowered by the availability of information - and the most significant challenge organisations face is one of control. There is a need to build trusted environments where the identity of each user can be proved before access rights are granted.

Trusted environments where customers and citizens can gain on-request access to personal and account information, without risk of identity theft where employees are able to gain unencumbered access to corporate networks, systems and applications, irrespective of where their chosen place of work happens to be and where business partners and suppliers can be provided with certified access channels to collaborative information sources.

Access management

These are the goals that have been set for identity and access management, and these are the levels of achievement that software providers need to aspire to.

The real value-to-business proposition that the integrated use of identity and access management can deliver comes from the technologies' ability to deal with all the key identity, sign-on, authentication, provisioning, access control and administration issues, and to deliver these as a service that can meet the needs of all user groups.

The components each organisation selects can vary significantly. What is seen as a key authentication tool in one area of a business may be seen as overkill in another.

The primary role of identity and access management is twofold it is about achieving a balance between the information protection needs of an organisation and its users, while servicing the access rights that are needed to support the efficient delivery of normal activities.

Identity and access management is about protecting business systems and their users, and at the same time protecting business systems from their users.

Andy Kellett is senior research analyst at Butler Group. He will be part of the expert panel on identity management at Infosecurity Europe

Infosecurity preview: Knowledge is power >>

Infosecurity preview: Mobilising single sign-on >>

Infosecurity preview: Bridging the reality gap >>

Infosecurity preview: When a year is a lifetime >>

More information on the show, including free entry >>

Infosecurity Europe keynote sessions >>

David Lacey’s security blog >>
The latest ideas, best practices, and business issues associated with managing security

Stuart King’s risk management blog >>
Dealing with the operational challenges of information security and risk management

Comment on this article: [email protected]


Read more on IT risk management