Stars in the sky

Protect and transform your enterprise with a holistic IAM program

01

5 min read

The journey toward a smarter IAM program

Professional woman at a computer workstation

Learn about the four pillars of identity and access management.

Protecting your resources while managing user access, complying with regulations and analyzing risk-based context to prevent threats is no easy feat.

Identity and Access Management (IAM) is rapidly becoming a priority for security professionals as they seek to mitigate the cost and reputational damage of compromised credentials. In 2019, 29% of global security decision makers identified improving IAM tools and policies as a top tactical information/IT security priority for 2020.1

Lost or stolen credentials were one of the most common causes of data breaches in 2019, as well as the most expensive. Therefore, without a comprehensive and up-to-date IAM program your users, assets and data are exposed to significant security risk.

80% of data breaches compromise customers' personally identifiable information (PII). 2

A holistic IAM program not only manages user access, authentication and compliance to protect your enterprise, it can reduce costs and improve efficiency through automation. It enables you to leverage AI and data analytics to identify high-risk patterns in context and prevent potential breaches before they occur.

New technologies make transformative IAM goals possible to achieve, and as a result monolithic IAM solutions are being replaced with cloud- and API-based offerings that simplify integration and adapt to evolving business requirements.

In 2023, 80% of organizations will fail to meet security, privacy, usability and scale requirements if IAM teams don’t deliver technical guidance to developers. 3

Despite the benefits of a holistic and intelligence-driven IAM program, many organizations still have fragmented, stagnant, and incomplete solutions that expose them to significant risk. Many organizations are aware their IAM programs are outdated and leave security gaps but are unsure where to start. In this paper, we identify four pillars of a holistic IAM program and describe how IBM IAM solutions can help you achieve them.


Read about the four pillars of a holistic IAM program and choose where to begin your journey:

Replace or augment passwords with more effective and less cumbersome solutions that provide security and appropriate levels of access.

Ensure your organization is compliant with regulations and is appropriately granting and revoking access to sensitive information as users move roles within or leave an organization.

Monitor how your privileged users access restricted data and analyze their behavior patterns in context to identify and mitigate potential risk.

Implement a Consumer Identity & Access Management (CIAM) strategy to keep up with increasing and changing privacy regulations and consumer expectations of a personalized experience.





1 The Top Trends Shaping IAM in 2020., Forrester Research, Inc., January 29, 2020.
2 Cost of a Data Breach 2020, IBM Security, July 2020
3 Gartner, Predicts 2020: Identity and Access Management, Felix Gaehtgens, Henrique Teixeira, Erik Wahlstrom, Akif Khan, David Mahdi, December 9, 2019.

02

6 min read

Access management

Professional woman at a computer workstation

Seamless and secure access for your entire organization.

Move beyond passwords and connect any user to any resource.

Your Identity and Access Management program can keep your business secure while maintaining a frictionless experience for users. To achieve both, organizations are moving away from passwords and embracing more current and effective multifactor authentication (MFA) solutions such user biometrics, mobile-optimized push notifications and hard tokens.

While more than 70% of organizations still rely on passwords for authentication1, the majority are expected to prioritize MFA and embrace it at a rapid pace.

By 2024, the use of multifactor authentication (MFA) for application access through AM solutions will be leveraged for over 70% of all application access, up from 10% today. 2

With modernized MFA methods in place, you can implement an additional layer of security without complicating the user experience.

As you grant users access on and off-premises, contextual data across user, device, activity, environment and behavior can help you identify digital identity risks and limit access in high-risk attempts. With AI-powered adaptive access controls, you can dynamically assess a holistic view of risk and vary the level of access granted to users accordingly.

High risk user pictogram
Forrester Wave ranks IBM a leader in Risk-Based Authentication
Learn more about IBM’s risk-based adaptive access capabilities in The Forrester Wave™: Risk-Based Authentication, Q2 2020

With IBM Security Verify, you can:

Deployed as a standalone solution or in combination with other access management tools, Verify helps you deliver authentication as-a-service to any of your cloud, on-premises or custom apps.

With Verify, you can enable MFA and passwordless login anywhere in your IT environment.

Using real-time analytics and risk detection, Verify dynamically adapts access levels to risk levels.



Trusted user pictogram
IBM Security Verify
Connect users to resources while protecting your organization’s assets.


Securing the identity of users across a variety of devices and platforms while maintaining a frictionless experience presents security professionals with challenges yet rewarding outcomes. To facilitate this, many seek to move their legacy IAM solutions to the cloud or integrate them with cloud-based solutions.

Identity-as-a-Service (IDaaS) is projected to grow to $6.5 billion in 2024, from $2.5 billion in 2019, at a Compound Annual Growth Rate (CAGR) of 21.1% during the forecast period. 3

Opting for cloud-delivered IAM services over an upgrade of legacy on-premises solutions can help you reduce costs, innovate with a minimal infrastructure footprint, simplify operations, and deploy faster.


With IBM Security Cloud IAM Services, you can:

Replace or complement your on-premises IAM infrastructure as you integrate IDaaS solutions.

In addition to quick delivery of functionality, IBM Cloud IAM services can orchestrate a phased journey that minimizes user disruption.

With fully managed operations for your IDaaS platform, you can continuously improve your IAM program and expand your solutions as your organization evolves.

Augment your in-house IAM team with IBM technical professionals, while you retain and redeploy skilled IAM team members.



Secure hybrid cloud pictogram
IBM Cloud IAM Services
Plan and execute an IDaaS program designed for business growth.




1 Using Zero Trust to Kill the Employee Password, Forrester Research, Inc., March 2, 2020.
2 Gartner, Magic Quadrant for Access Management, Michael Kelley, Abhyuday Data, Henrique Teixeira, August 12, 2019.
3 Markets and Markets, Identity as a Service Market, Global Forecast to 2024, September 5, 2019.

03

4 min read

Identity governance

Professional woman at a computer workstation

Manage and adapt user access while you address regulations.

Provision and deprovision employee access as they change roles or leave your organization.

As you implement IAM policies across your enterprise, enable your managers and HR professionals to grant and deprovision employee access as they join, move within, and exit your organization. Despite the risk outdated controls pose, many enterprises fail to regularly update entitlements – even for accounts with access to highly sensitive information.

Outdated entitlements can also put you at risk of non-compliance if regulations require you to keep user digital identity records, along with their access levels and audit trails.

When equipped with the right resources, managers and HR professionals can set levels of access based on users’ business activity and needs rather than relying on role-based policies that can lead to over-privileged accounts.

Role-based approaches to setting entitlements typically meet no more than 70% of needs 1

IBM Security Identity Governance & Intelligence and IBM Security Verify (SaaS) provides you with the tools to:

Automate the process of provisioning and deprovisioning access rights for joiners, movers, and leavers across your organization, and recertify periodically at a comfortable cadence.

In lieu of IT jargon that can lead to bulk approvals, empower your managers with business-friendly information that allows them to understand and set entitlements appropriately.

Proactively mitigate risk using identity analytics powered by machine learning, which can automatically exposes top risks along with suggested remediation.



thumbprint pictogram
IBM Security Identity Governance & Intelligence
Grant access to resources and assess risk


Finger verification tool pictogram
IBM Security Verify
Modernize your lifecycle management with a hybrid approach to identity governance


As you work to employ consistent processes and workflows for managing user identity and access across your enterprise, you may need tools that help you optimize your Identity and Governance Administration (IGA) for your business needs. IBM Identity and Governance Administration Services provides support to deploy and leverage your identity governance tools in a hybrid multicloud or on-premises environment.



Cloud with particles
IBM Identity Governance and Administration Services
Align your Identity Governance and Administration solution with your business goals and help boost employee productivity.




1 Gartner, What you must know about Identity and Access Management in 100 Tweets, Ant Allan, Felix Gaehtgens, September 10, 2020.

04

4 min read

Privileged access

Professional woman at a computer workstation

Monitor users with privileged access and protect endpoints.

Gain visibility into the activity of your privileged users and protect your highly sensitive resources.

Since sharing highly sensitive information with a large pool of users will increase your attack surface, you can better protect your resources by restricting access to a small group of privileged users. However, these privileged accounts require high-order security controls, like a password vault, and continuous monitoring.

At least 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates.1

Surprisingly, more than half of enterprises are unable to locate their privileged accounts.

55%
of organizations have no idea how many privileged accounts they have or where they are located.2

50%
More than 50% of organizations have privileged accounts that never expire or get deprovisioned.3


Failure to implement sophisticated security controls and leaving gaps in protecting privileged user endpoints and credentials is also common. For example, nine out of 10 organizations rely on human-created passwords – which may have not been changed for several months or longer - for privileged accounts.4

Endpoint protection is becoming increasingly important: 85% of cyberattacks enter through a compromised endpoint. 5

Successful Privileged Access Management (PAM) solutions monitor the activity of privileged accounts and use analytics to flag unusual behavior and mitigate the effects of a breach from a privileged user endpoint.


With IBM Security Verify Privilege you can:

Quickly identify privileged accounts in your environment with the IBM Security Privileged Account Discovery Tool.

Store passwords and credentials in a secure password vault.

Automatically implement least privilege policies and remove local administrative rights from endpoints to prevent malware exploitation.



Identity assessment pictogram
IBM Security Verify Privilege
Discover and protect your privileged account credentials and endpoints.


Effectively deploying and managing a PAM technology solution requires a comprehensive strategy and deployment plan with a continuous improvement mindset. IBM Privileged Access Management Services can provide your enterprise with a holistic and flexible PAM program, from strategy to deployment, steady state management, automation, analytics and optimization.



Strategy and risk pictogram
IBM Privileged Access Management Services
Secure your privileged accounts with a smarter PAM program.




1 The Forrester Wave™: Privileged Identity Management, Q4 2018, Forrester Research, Inc., November 14, 2018.

05

6 min read

Consumer identity

Professional woman at a computer workstation

Protect consumer data while creating delightful digital experiences.

Balance privacy and personalization to help protect consumer data and address regulations.

Businesses aim to provide consumers with personalized, frictionless experiences while protecting the digital identity of their users across various touchpoints. By 2022, CIAM will be used as a key component of a competitive UX strategy by 85% of organizations, up from 40% today.1

While leveraging user data can be an important differentiator for enterprises, protecting data privacy and maintaining compliance with regulations - HIPAA, GDPR, PCI DSS, and California’s data privacy law - may be more important than ever. A robust CIAM solution asks users for permission and consent throughout their lifecycles and on the various devices they use, which can help you establish progressive trust and maintain protection across touchpoints and compliance with the most recent regulations.

A breach could cost you:

$3.86M
average cost of a data breach

280 days
to identify and contain.2



IBM Security Verify can help you:

Help protect against attacks like credential stuffing or account takeover while preserving a frictionless user experience for low-risk users.

Keep applications up-to-date with consent management workflows that allow developers and privacy officers to speak the same language and help avoid repetitive work.

Meet the ranging demands of consumers with a wide array of passwordless and multifactor authentication methods, along with social login options to help reduce login friction.



Finger verification tool pictogram
IBM Security Verify
Provide protected and personalized user experiences


IBM Security Consumer IAM Services can help you:

Protect the privacy of users across a growing number of digital touchpoints without losing sight of their identity or journey.

Support the needs of your CMO and business operations with a turnkey consumer identity and access management solution that can enable a trusted relationship with customers.

Deploy customer-facing campaigns and your enterprise’s digital transformation initiatives faster than before.



Endpoint security pictogram
IBM Security Consumer IAM Services
Delight and retain customers with a robust CIAM program




1 Gartner, Technology Insight for Customer and Identity Management, Henrique Teixeira, Michael Kelley, Ant Allan, Jonathan Care, May 4, 2020.
2 IBM Security, Cost of a Data Breach 2020, July 2020

06

4 min read

Client success stories

Professional woman at a computer workstation

Learn how VLI and Banca Transilvania benefited from our IAM solutions and services.

While the needs of VLI and Transilvania bank varied in purpose and scope, both were able to find IBM IAM solutions that fit their needs.

VLI moves cargo faster

VLI moves 38 million tons of agricultural, steel, and mineral products around each year using 8,000 kilometers of railway, 100 locomotives, 6,700 railway cars, eight intermodal terminals, four strategically located shipping ports, 8,000 employees and 1,000 contractors.

With IBM Security IAM Solutions, VLI began to grant user access 95% faster and within seconds rather than days. Employee productivity increased while risks of malware and ransomware attacks were reduced.

We decided on IBM for a combination of reasons: the technology, local support and price. We validated the technical integration and that the solution works for us. ”
Thiago Galvao
Chief Information Security Officer (CISO) at VLI
SVG ALT; required.
Learn how VLI used a suite of IBM Security IAM solutions to reduce the risk of threats and improve the efficiency of their transportation network


Banca Transilvania builds a compliant,
open banking platform

When the European Parliament enacted its second Payment Services Directive intended to streamline transactions across EU borders and promote open banking processes, Banca Transilvania did not have the technology required to embrace open banking and comply with the EU regulations.

In order to integrate new fintech partners and have banking customers’ financial information ready to be shared, Banca Transilvania needed to meet several technology milestones in a short time-period. With the help of IBM Security IAM solutions, the bank built a secure and flexible platform that met those technology requirements.

Open banking will let us integrate other players, such as fintechs, into the Banca Transilvania ecosystem. It will let us bring a superior digital experience to our customers. ”
Dan Moldovan
Head of Digital Fintech Department, Banca Transilvania S.A.
SVG ALT; required.
Learn how Banca Transilvania used IBM Security IAM technology solutions to create a flexible and secure open banking platform.


IBM IAM consultants and security specialists can help you design and manage identity and access solutions tailored to your needs, and maximize your IAM investments to set you up for long-term success.



SVG ALT; required.
IBM Security IAM Services
Design an IAM strategy tailored to your needs