James Thew - Fotolia

Engage with business to drive IAM, says Axel Springer CISO

Axel Springer CISO Henning Christiansen teams up with business stakeholders to get board approval for an identity and access management (IAM) initiative

Collaboration with stakeholders across the business is key to implementing an identity and access management (IAM) system, according to Axel Springer’s chief information security officer (CISO.

“We faced significant difficulties in convincing the board of the importance of IAM,” said Henning Christiansen, CISO at the German publishing firm.

“Only by teaming up with other stakeholders such as finance and human resources (HR) were we able to get the go ahead for our IAM initiative two years ago,” he told the European Identity & Cloud Conference 2016 in Munich.

Together, they identified seven main problems with identity and access management in the company, many of which were related to the heterogeneous and complex IT environment that included in-house and legacy systems, which had been developed more than a decade ago and had little documentation.

“For example, we identified that the company was not well prepared for the use of Microsoft Office 365 and other software as a service,” said Christiansen.

Other issues included the inability to guarantee that sensitive personal data was protected, a lack of transparency regarding the access rights of users, and an inability to automate processes such as approvals and provisioning.

The stakeholders, however, did not focus only on problems, but also highlighted benefits, said Christiansen.

For example, for governance, risk and compliance, IAM enables identification of segregation of duties conflicts. Meanwhile, for IT there is reduced effort and cost for user management, and for personnel there is enhanced control for personal data.

Read more about identity and access management

In general, IAM standardises processes and enables greater efficiency and accuracy in user administration.

To help Axel Springer employees at all levels understand the value of IAM and benefits to efficiency, compliance, security and costs, Christiansen enlisted the help of an animated video.

“This has worked well, probably because Axel Springer is a media company, and has been extremely effective in explaining IAM in three minutes,” he said.

The video was produced by an outside production firm with the input of Axel Springer’s stakeholders, and was well-worth the cost of €6,000, said Christiansen, because it is still in regular use.

“Once we engaged with other business stakeholders and they understood the benefits, we were able to get the go ahead for the initiative and select the right tools after a proof of concept trial,” he said.

Read more on Hackers and cybercrime prevention