IAM Systems Need to Become More Intelligent
Business demands on identity and access management (IAM) infrastructure continue to grow. IAM has come a long way in improving access security and operational efficiency. Organizations today commonly provide single sign-on and employee lifecycle management, and are extending these services to customers and consumers.
That said, the current set of IAM tools is very prescriptive. The better you understand and implement the rules, the better your IAM system functions. In a fast-moving business, rules are not always well defined, do not apply uniformly across the organization, and change constantly. If that wasn’t enough, business models change quickly, forcing IAM systems to adapt. The IT industry is also going through major paradigm shifts with IoT, cloud services and BYOD.
In this world, how do we provide access to the unknowable and the uncontrollable? Access needs to be provided, on personal devices, to people who have little, if any, relationship to the organization. Interestingly enough, that relationship to the company can strengthen or diminish based on the business need. Mobile and connected devices are also increasingly being introduced into the enterprise to provide critical business functions. These devices are difficult to manage, can have proprietary software, move around, get turned off, get lost, get stolen and can reappear. How, as IAM practitioners, do we know whether these actions are valid or not? Taking the wrong action could, on the one hand, allow a security vulnerability and, on the other, stop a critical business function.
IAM systems need to become more intelligent. They need to:
- Continually monitor different security and business indicators in real-time. Based on risk scores, access should be granted, questioned, or denied automatically.
- Not rely solely on access rules but continually learn how users work and build risk patterns appropriately.
- Leverage distributed trust models.
- Be intelligent about the IAM ecosystem. IAM systems need to seamlessly leverage the strengths of other tools and existing deployments. From a practical perspective, IAM deployments are complex and daunting to replace. New intelligent capabilities are needed now, and their introduction cannot depend on a major upgrade of existing systems.
By incorporating intelligent and adaptive systems into the IAM infrastructure, we can provide services that will enable businesses to grow while meeting security, regulatory, and privacy demands.
By David Treece, IAM Enterprise Architect