Strong identity and access management is the cornerstone of a good security strategy

November 3, 2021

Migrating your identity and access management platform to a modern, standards-based one reduces security worries and frees you to focus on your core business instead, says Richard Craig, Practice Lead: Digital Experience at Altron Security.

A common definition used to describe the principle of identity and access management (IAM) is “ensuring that the right person has the right access at the right time”. However, an alternative view is that it is about making sure that the wrong users do not have access to your systems and data.

Remember too that these ‘wrong users’ are not necessarily only cyber criminals seeking to infiltrate your business; it could just be a disgruntled ex-staff member who was not properly off-boarded when leaving the organisation. From an IAM perspective, there are always bad actors who have the potential to be destructive simply through having access that they shouldn’t.

This is why a good IAM strategy will be compatible with a ‘zero trust’ approach to security, ensuring that people only have the minimum access required to do their job. This avoids situations where a long-standing employee who may have changed positions several times still retains access to the systems and applications required to perform their earlier roles.

Of course, to adopt an effective zero trust strategy, you simply cannot be utilising a legacy IAM system, and in today’s digital world, it is vital to modernise this platform. As a comparison, if you were to secure your home, you would probably not retain an alarm system dating back to 1980. However, even if you choose to do so, you will still have some degree of protection from burglars.

Enterprises face a similar challenge, but differently. By upholding a legacy system, your entire security stack becomes tough to maintain and difficult to patch, and it will not enable you to keep pace with the current, rapidly evolving threat landscape. Threats are posed by criminals from around the world, including state-sponsored actors – who will have access to the latest and greatest tools to break your defences – as well as from internal sources. Clearly, if you hope to mitigate the current threat landscape, you simply cannot afford to still be using legacy or out-of-date platforms and systems.

Legacy IAM systems create a wide range of pain points that can easily be avoided with a more modern standards-based solution. For one thing, legacy systems tend to be proprietary in nature, which means they cost a lot to run and are even more expensive to maintain.

There will also be a negative impact from a business agility point of view, since a legacy system will be unable to keep pace with rapid digitisation, will be cumbersome to onboard and adapt to modern digital applications, and will likely not perform the way you need it to.

Open standards are quickly being adopted in this space, and if your legacy platform does not support these, you will inevitably struggle to deliver the latest security to your applications.

Of course, from an adoption point of view, there are ways to plan an upgrade path from a legacy IAM platform to a more modern approach. For example, you could consider moving to a software as a service (SaaS) based model, rather than an on-premises one, as the elastic nature of this service not only saves costs, but improves your business agility too.

With a SaaS platform, updates, patches, new features and more are delivered automatically by the service provider, thereby significantly reducing complexity for your own IT department.

Additional benefits include an increase in productivity, since applications will integrate more easily and operate more effectively with a modern standards-based platform. The return on investment and the ability to roll out new applications will also be greatly improved.

With the increasing uptake of open standards, not only is the playing field being levelled, but you are also not reinventing the wheel. After all, open standards are the result of the realisation that most of the digital security challenges we face are common to everyone. Much like a neighbourhood watch scheme would be beneficial to your home security strategy, so having open standards is a similar investment in the community, with a view to making everyone safer.

Adopting such standards also ensures there is a level of consistency in the manner that things are done. After all, if you think of the numerous digital platforms that exist and may need to collaborate and integrate to ensure effective security, you quickly realise that achieving this can only be done with open standards.

In the end, business people want to do business, and security systems are there to protect the business systems. Therefore, the biggest benefit of adopting a modern standards-based security platform is that it enables you to focus on your core business, while leaving the operation thereof to security professionals.

With an IAM platform in the cloud, your security system will be stronger, more agile, flexible and much more cost-effective, while also being operated and maintained by security experts. This means you no longer need to expend vital resources in this area and can rather channel these towards growing your business further.