CISO's Tower

Solid Identity and Access management is crucial in a world ruled by cloud and mobile

Share this post:

A more connected world has given rise to an open economy, powered by cloud and mobile technology. Looser, more temporary collaborations between companies are on the rise, as is ‘coopetition’ (cooperation / competition) – the notion that your ally in one business activity might be a competitor in another field. How do we protect company data in an open business environment which is supposed to be available anytime, anywhere? What is the role of Identity and Access Management (IAM) to help create such an open, yet secure environment? And should IAM itself be deployed through the cloud? Register here for our Cloud IAM webinar on 28 February.

These and other questions were the topic of a recent round table initiated by IBM and chaired by IAM expert Jan Vanhaecht from Deloitte. Participants from a wide range of sectors, such as government, healthcare, media and technology came together to discuss IAM in today’s open world. Though from diverse industries, the participants were showing consensus on one thing: all of them were either transitioning processes to the cloud or considering a transition. Advantages aside, such as scalability, flexibility, less hardware management and accessibility, the gathered group quickly pointed to a major security concern. How do you make sure only those who are authorized can access a cloud-deployed app or data set? Not surprisingly, IDC recently predicted that by 2019, 75% of CIOs will refocus cybersecurity around authentication and trust (Futurescape: Worldwide CIO Agenda 2018 predictions).

It’s about trust and ease of use

In a dynamic and changing context shaped by cloud technology and proliferation of mobile, there are two major factors for a secure deployment to the cloud: trust and ease of use. Users have to be able to fully rely on the fact that business processes can take place in a secure environment. At the same time, these users have come to expect the same ease of use that they are accustomed to in their personal lives. Going about your day with a list of 20 different passwords for your 20 different accounts foregoes the accessibility and flexibility advantages that cloud technology can offer. Secure yet easy-to-use Identity and Access Management will become crucial. After all, the best IAM is the kind users don’t even know is there. Read here about IBM’s strong yet silent IAM solutions.

Accessible for all (who are authorized)

And it’s not just a question of making life a little easier for white-collar workers, as one of the participants, from a leading logistics company, put it: “Boundaries are fading fast. Especially in trade the world has become a village. The truckers we work with speak a total of 92 languages, and not all of them are as well-versed in using IT tools as we would like them to be. Plus: how do we know the trucker is who he claims to be? Ease of use, trust and a seamless user experience are not just ‘nice-to-haves’ for us – they’re crucial.” For another participant, from the healthcare sector, the secure accessibility concern came into play: “We have a private cloud environment for our network of 19 hospitals, which makes it much easier for patient data to be shared. It’s a great solution for the many doctors and nurses who work at different locations, but Identity and Access Management is still needed to ensure that sensitive patient data is not accessed by unauthorized persons.” Learn more about the considerations of taking your IAM to the cloud and register for our webinar on February 28.

In the cloud, on-premise or hybrid?

With well-trained, specialized cybersecurity staff in short supply these days, and data breaches at an all-time high, it might make sense to migrate (part of) your Identity and Access Management to the cloud as well. For this reason, IDaaS (Identity as a Service) is rapidly gaining ground. Peter Volckaert, Senior Sales Engineer at IBM Security Benelux, notes that there is a wide range of possible scenarios: “In a B2E context, IAM might simply consist of granting employees access to applications that run in the cloud. Solutions like IBM Cloud Identity Connect ensure that the process can take place in a secure and easy-to-use manner. Of course, migrating your whole IAM to the cloud is a possibility as well.” In other contexts, one might want to keep part of the processes on-premise: “Some sensitive data is required to be kept on-premise, but solutions like IBM Access Manager can perfectly be deployed on-premise, facilitating a hybrid IAM approach.”

Participants agreed unanimously that every company has its own specific needs. No two IAM projects are the same. Each of the scenarios outlined in the previous paragraph requires a different approach, and factors like Total Cost of Ownership and required staffing strongly depend on whether you keep IAM on-premise, migrate parts of it to the cloud in a hybrid solution, or go for a full deployment to the cloud.

Are you ready to take your IAM to the cloud? Attend our webinar on February 28

If you want to find out whether your organization is ready for cloud-based Identity and Access Management, join Peter Volckaert’s Webinar on 28 February. Peter will present a range of cloud IAM scenarios, and take you through the considerations to keep in mind when choosing between IDaaS or on-premise deployment. Register here for the webinar on 28 February.

 

Patrik Horemans

IAM Leader IBM Security Benelux

IBM Security Sales

More CISO's Tower stories

ISSE 2018 – Where world renowned experts in Security and Identity put their thinking to the test

This year, the 20th annual ISSE is being hosted by IBM in Brussels, and on 6th and 7th November 2018 international experts in technology, policy and commerce will convene to share knowledge and expertise, build meaningful relationships and forge strategic alliances and joint ventures. And you are invited to join them. ISSE is in many […]

Continue reading

What to expect from the GDPR readiness assessment

Is a mild sense of panic taking hold of some of your colleagues? The implementation of the long-awaited General Data Protection Regulation (or GDPR) is inching closer and closer, and discussions will invariably revolve around: “Where to start?”, “Where to go?”, “What will it cost?” If you attend any GDPR event, typically everyone, no matter […]

Continue reading

Hi, I’m Watson, and I’m the new security guy!

Voor bedrijven wordt het steeds moeilijker om je tegen cyberdreigingen te beschermen. Bovendien laat een goede dief maar weinig sporen na: de oorzaak van een effectieve aanval opsporen is zeer tijdrovend en complex. En dan zwijgen we nog over het berekenen van de impact op je bedrijf. Nieuwe technologieën zoals artificiële intelligentie spelen een sleutelrol: […]

Continue reading