Identity and Access Management (IAM) is the Jekyll and Hyde of enterprise security: it’s a proven technical solution to a clear business problem yet it has not become ubiquitous.
Enterprises that have it, love it and couldn’t live without it. However a majority still do not have it.
We ask whether this will this change with the advent of cloud computing.
There are clear business drivers for enterprise IAM:
- Any organisation that has grown organically and which has not subsequently implemented an IAM solution does not know who can currently access its information and services.
- Every organisation that understands this also knows that this is a major security and compliance problem.
- There exist a number of well-respected vendor products that can fix the IAM gap. Increasingly these products can be tailored to an enterprise’s systems with low effort and risk.
- These products offer savings in terms of management and operational overhead, allowing for centralised administration, ubiquitous process automation and clear reporting.
However, delivery of IAM can be challenging for two major reasons:
- The business analysis is difficult; it requires a strategic business position around who may do or access what and when, and how that may be authorised.
- IAM delivers value when it integrates with the most fundamental enterprise applications, many of which may be legacy or otherwise non-standard or complex. This means that the most important IAM integrations can be expensive and risky.