ESG360 Video: Who Owns Identity and Access Management (IAM)?

Mobility and cybersecurity. While those two areas may have very different roles inside an IT organization and business, they both play integral parts in identity and access management. Given that, I’m always getting asked, “Who owns IAM?”

Topics: Cybersecurity identity and access management Enterprise Mobility

Who Owns Identity and Access Management (IAM)? (Video)

When it comes to identity and access management (IAM), the cloud, mobility initiatives, and app dev are driving chaos. Security risks are on the rise due to the expanded perimeter, and though IT operations shoulders a great deal of IAM responsibility, who actually owns identity and access management?

The answer isn’t clear-cut. It actually depends on a number of things, including: an organization’s maturity, its security posture, and how aggressively the company is pursuing identity and access management strategies.

Topics: identity and access management Enterprise Mobility

How Is Identity and Access Management (IAM) Changing (Video)

With growing numbers of people using personal devices for work, most organizations no longer have ultimate control over their employees' devices. Today, it’s essential for CISOs and other security professionals to provide their employees with safe and secure access to the corporate data, applications, and devices they need to perform their jobs. Across industries, organizations are dealing with this challenging lack of corporate control, combined with the necessity of ensuring security, and providing employees with easy access.

Topics: Security identity and access management Enterprise Mobility

Cybersecurity, Mobility, and the Expanding Perimeter (Video)

As businesses lose control of devices and rapidly adopt cloud consumption models, identity and data have become the new perimeter for IT operations and information security teams to secure and protect. My colleague Jon Oltsik and I sit down together to highlight how mobility, identity, and security are creating technology challenges, organizational barriers, and business risks as the security perimeter expands at a faster pace than business can keep up with. The discussion sparks attention towards the IT vendors that are attempting to enhance security postures from within a silo as opposed to the new purview business are dealing with today.

Topics: Cybersecurity identity and access management Enterprise Mobility

Identity and Access Management (IAM) Has Been in Babysitting Mode for Years...Something Must Change!

IAM creates the first link in the “chain of trust” when a user, device, or a connected thing authenticates with a trusted source. Establishing this initial handshake is critical since it initializes the path to access and authorization—no wonder IAM has quickly become a renewed focal point for IT operations and information security professionals. To that end, ESG recently completed an IAM research study to validate existing business pain points around authentication, IAM professional white board priorities, and opportunities for IAM vendors to differentiate themselves amongst the countless tools littering a complex IAM landscape that are leading to buyer confusion.

Topics: identity and access management

Identity Management To-Do List Aligns with Cybersecurity

My colleague Mark Bowker just completed some comprehensive research on identity and access management (IAM) challenges, plans, and strategies at enterprise organizations. As a cybersecurity professional, I welcome this data. Identity management should be a major component of an enterprise risk management strategy, yet IAM technology decisions are often treated tactically or left to application developers or IT operations staff who don’t always prioritize security in their planning.

Topics: Cybersecurity Mark Bowker IAM identity and access management

The Internet of Identities (IoI)

Everyone is talking about IoT these days and for good reason – there are already billions of devices connected to the global Internet and some researchers are predicting 50 billion by 2020. This alone will make CISOs' jobs more difficult, but security executives face many other associated challenges as well:

Topics: Cybersecurity IoT identity and access management micro-segmentation SDP Internet of Identities

The Era of Identity-based Applications

Identity and access management (IAM) has always been a heavy burden for large organizations. Why? Multiple folks across companies – business people, software developers, IT operations, human resources, security, compliance auditors, etc. – play some role across the IAM spectrum.

As a result of this IAM group hug, technology decisions tend to be made tactically without any central oversight or integrated strategy but this behavior may be changing. According to ESG research, 49% of large organizations claim they now have a formal enterprise-wide strategy in which IAM technology decisions are managed by central IT. In other words, someone in IT is now responsible and accountable for all IAM technology.

Topics: Cybersecurity IAM identity and access management

Balancing user experience with security

The number one challenge I hear from IT professionals across the board is balancing security with user experience across multiple device types that employees use in the course of a day. If those IT pros turn the dial too far in one direction, they’re faced with security vulnerabilities. If they rotate the dial too far in the opposite direction, they faced user-experience hurdles.

This challenge is exacerbated for those companies that want to further embrace cloud consumption models, but are once again perplexed about where to set the dial.

Topics: identity and access management Enterprise Mobility

Identity and Access Management (IAM) infrastructure is misaligned with security

Several CISOs I’ve spoken to over the past few years agree that identity is a new security perimeter. The thought here is that a combination of mobile device and cloud use renders existing network perimeters obsolete, so security policy enforcement decisions must be driven by identity attributes (i.e. user identity, role, device identity, location, etc.) rather than IP packet attributes. We see this transition coming to fruition with the concept of a software-defined perimeter (SDP) and technologies such as Google BeyondCorp and Vidder PrecisionAccess.

Topics: Cybersecurity IAM identity and access management