James Thew - Fotolia
Engage with business to drive IAM, says Axel Springer CISO
Axel Springer CISO Henning Christiansen teams up with business stakeholders to get board approval for an identity and access management (IAM) initiative
Collaboration with stakeholders across the business is key to implementing an identity and access management (IAM) system, according to Axel Springer’s chief information security officer (CISO.
“We faced significant difficulties in convincing the board of the importance of IAM,” said Henning Christiansen, CISO at the German publishing firm.
“Only by teaming up with other stakeholders such as finance and human resources (HR) were we able to get the go ahead for our IAM initiative two years ago,” he told the European Identity & Cloud Conference 2016 in Munich.
Together, they identified seven main problems with identity and access management in the company, many of which were related to the heterogeneous and complex IT environment that included in-house and legacy systems, which had been developed more than a decade ago and had little documentation.
“For example, we identified that the company was not well prepared for the use of Microsoft Office 365 and other software as a service,” said Christiansen.
Other issues included the inability to guarantee that sensitive personal data was protected, a lack of transparency regarding the access rights of users, and an inability to automate processes such as approvals and provisioning.
The stakeholders, however, did not focus only on problems, but also highlighted benefits, said Christiansen.
For example, for governance, risk and compliance, IAM enables identification of segregation of duties conflicts. Meanwhile, for IT there is reduced effort and cost for user management, and for personnel there is enhanced control for personal data.
Read more about identity and access management
- IAM is seen as being part of IT and not business, and investments tend to be aimed at mitigating one-off incidents, says KuppingerCole analyst Matthias Reinwarth.
- Why identity and access management is taking centre stage in companies’ access policies.
- Companies should consider their identity and access management (IAM) systems as a likely point of attack, according to SailPoint.
- Identity and access management of employees is so complex that many companies have faltered when it comes to securing programs for trusted partners.
In general, IAM standardises processes and enables greater efficiency and accuracy in user administration.
To help Axel Springer employees at all levels understand the value of IAM and benefits to efficiency, compliance, security and costs, Christiansen enlisted the help of an animated video.
“This has worked well, probably because Axel Springer is a media company, and has been extremely effective in explaining IAM in three minutes,” he said.
The video was produced by an outside production firm with the input of Axel Springer’s stakeholders, and was well-worth the cost of €6,000, said Christiansen, because it is still in regular use.
“Once we engaged with other business stakeholders and they understood the benefits, we were able to get the go ahead for the initiative and select the right tools after a proof of concept trial,” he said.
