Posted: 3 Min ReadExpert Perspectives

Identity and Access Management Reach Inflection Point

For Symantec customers: Digital transformation, mobility and cloud mandate transition for IAM

The COVID-19 pandemic has disrupted work as we know it. But think for a moment what that work was like – and soon will be again. Consider Audrey, a hypothetical mechanical engineer who is responsible for worldwide manufacturing for a vehicle parts company: She travels between U.S. design centers and global factories; she shares CAD diagrams in video conferences from hotels, coffee shops and her home office; she incorporates insights from factory-generated big data analytics into design specifications. She’s indispensable to her company and the powerful IT capabilities that support her are indispensable to her work.

And Audrey is not alone. Across industries of all kinds, businesses have been taking a mobile-first approach to employees at every level, even as those businesses digitally transform themselves at every level. As companies ride out the pandemic, many are taking a remote-first approach to workers. What’s more, they are likely to be accelerating their digital transformation projects, implementing web applications that pull in data from on-premises and cloud-based sources to automate processes and guide decision-making.

Our world of work is different today, yet some organizations persist in implementing the Identity and Access Management (IAM) of yesteryear...

It’s a far cry from, when workers accessed centralized databases from fixed locations. Mobile users were the exception and had limited data access because bandwidth was at a premium. In this world, setting up a protective perimeter made sense. Web Access Management provided single sign-on and single sign-off for web applications. Security was implemented separately for each application.

Our world of work is different today, yet some organizations persist in implementing the Identity and Access Management (IAM) of yesteryear, oblivious to the disruption that has taken place thanks to mobility and digital transformation. A fresh approach is needed. Identity and Access Management must take up the gauntlet of disruption and disrupt outdated perimeter-based security.

The new IAM must be integrated into the fabric of applications. Instead of a single broad perimeter, the new IAM architecture is based on many microperimeters, each a single user, session, device or application. The new IAM has these characteristics:

  1. Contextual and omnipresent. Identity doesn’t occur in a vacuum, but in a context of the user’s activity, device, session and application, with continual monitoring and adjustment.
     
  2. Risk-based authentication. Each access request poses a different level of risk according to user device and data sensitivity. Authentication must correspond to the level of risk.
     
  3. Relief from authentication fatigue. Users need not identify themselves over and over, which was once required when each application had its own security requirements.
     
  4. Identity itself is the perimeter. By considering the unique characteristics and needs of each user, device and session, the appropriate security measures are applied to each identity.

That’s where we need to go. How do we get there? You can’t wave a magic wand over your enterprise, say a few magic words, and voilà it happens! And you can’t issue a top-down mandate that changes all the rules overnight. Although the new IAM disrupts the old, what is needed is a gradual transition to bring identity services closer to the applications.

Start by looking at things from the user’s point of view and make sure the user gets the same experience – seamless single sign-on and single sign-out – regardless of the channel. The old perimeter-based approaches won’t go away overnight but will exist alongside your new microperimeter approach to IAM for a certain period of time. In some markets, businesses might want to consider adding the distributed identity capabilities of blockchain to the mix.

Bottom line: You need to make IAM “just work,” not just for Audrey but for all workers, as well as your company’s customers and partners. There is more to say about all this, so please look for my upcoming blog entries on this subject. Next will be a close look at modernized IAM.

Download my whitepaper below for more information as well.

 

Symantec Enterprise Blogs
Webinar

The Rise of the Decentralized IAM Platform: Are you ready for the transition?

Join Vadim Lander, to learn what is needed to bring identity services closer to your applications and transition to the new micro-perimeter environments to help enable the business while providing the necessary level of protection.

Register Now
Symantec Enterprise Blogs
You might also enjoy
Product Insights3 Min Read

Why it’s a Great Time to Evaluate IAM

Questions for you to consider when evaluating the maturity of your current IAM program

Symantec Enterprise Blogs
You might also enjoy
Feature Stories3 Min Read

Why Identity Projects Go Wrong

Identifying key factors for success (and failure!) in IAM projects

About the Author

Vadim Lander

Identity Security CTO & Distinguished Engineer

Vadim is a recognized IAM expert having architected, developed, and led multiple, highly scalable IAM solutions to become industry leaders. At Broadcom, Vadim is focused on evolving IAM to meet the needs of the world going digital.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.