About Author
Forrester Analysts

Forrester Research is a technology and market research company that provides pragmatic advice to global leaders in business and technology.



Enterprise 'overextended'? You need to evolve your identity strategy

Legacy approaches to IAM are failing us

The rapid adoption of mobile devices and cloud services, together with a multitude of new partnerships and customer-facing applications, has extended the identity boundary of today’s enterprise. For the extended enterprise, identity and access management (IAM) is more than just provisioning employees with and enforcing the appropriate access to corporate resources. It’s about the ability to oversee access by a variety of populations, from employees to partners to consumers, and protect a variety of sensitive resources (including data) that may reside on or off the organisation’s premises - all while helping to protect the organisation from increasingly sophisticated cybercriminals and resourceful fraudsters.

Unfortunately, legacy approaches to IAM are failing us because they can’t manage access from consumer endpoints, they don’t support rapid adoption of cloud services, they can’t provide security data exchange across user populations, and they offer no help against emerging threats.

We at Forrester have been promulgating a Zero Trust Model of information security. It eliminates the idea of distinct trusted internal networks versus untrusted external networks, and requires security pros to verify and secure all resources, limit and strictly enforce access control, and inspect and log all network traffic. Zero Trust applies effectively to identity as well. It requires security and identity pros to: 1) centre on sensitive applications and data; 2) unify treatment of access channels, populations, and hosting models; and 3) prepare for interactions at Internet scale. Moving toward Zero Trust identity not only helps you improve business agility and achieve compliance - it even helps you enhance customer experience and deliver on your org’s API monetisation strategy.

Forrester's Identity and Access Management Playbook will help you evolve from the inflexibility of tightly coupled authentication and access controls to an approach where you deploy services that produce and consume identity and entitlement information in a loosely coupled manner. Building a Zero Trust IAM strategy that supports the extended enterprise requires a four-step process:

1.   Discover: Identifying the trends, justifying the business case, and assessing your maturity. Understanding your organisation’s business objectives and what you can achieve with a Zero Trust IAM approach can help you build a sound business case for investment that recognises the business, financial, and operational benefits. Once you have a well-defined business case, you can also assess your current capabilities against your business case and identify gaps in your strategy.

2.   Plan: Creating a strategy to manage IAM as a sustainable, on-going program. To make your IAM strategy a reality, you will need to identify and influence stakeholders on both the business and the IT side of the organisation. You must also formally document your IAM strategy and include a description of your current state, a definition of your future state, and a detailed road map and set of recommendations for the sequence of projects needed to make the strategy a reality.

3.   Act: Hiring the right staff, governing policies, and implementing IAM capabilities. Because IAM pros must frequently communicate with a business audience, they must possess outstanding communication skills in addition to IAM technical knowledge. And because IAM is so broad and requires a strong central governing function, you will need to hire several types of IAM professionals, including a VP or director-level position, an IAM architect, and an IAM practitioner. You will also be faced with a multitude of on-premises and cloud-based solutions to your IAM technical requirements.

4.   Optimise: Measuring, monitoring, and marketing IAM results. You’ll have to measure and monitor the effectiveness of your IAM program and report value to the organisation. With an effective metrics program, IAM leaders will be better prepared to demonstrate business value, develop a proactive culture, and align priorities and performance incentives with business strategy. You’ll also be in a better position to understand how your program compares to that of your peers.

You can download the full Executive Overview for the IAM playbook here.

So what do you think? How does Forrester’s vision of IAM compare to yours? And will our playbook be useful? My colleagues Andras Cser (@acser) and Stephanie Balaouras (@sbalaouras) and I (@xmlgrrl) value your feedback as we refine this playbook to help you be successful in your role.

Posted by Eve Maler