According to Gartner, organisations should entrench identity management as part of their cybersecurity foundation. Specifically, security teams can work with identity and access management (IAM) practitioners to invest in IAM programs and create an identity fabric for their organisations. By using an identity platform and developing good IAM hygiene, organisations can counter serious security risks and create other advantages, especially for their customers.
The synergy between security and IAM
The relationship between cybersecurity and identity is well-established, yet it is still often overlooked or handled piecemeal. Cohesive and centralised identity control remains elusive, putting companies out of step with the world’s evolving trends.
This point was among several presented by Gartner VP analyst Felix Gaehtgens at a recent Cybersecurity and Risk conference. Shifts in workplace habits and the adoption of decentralised systems are bringing security and identity closer together. They present an opportunity to consolidate identity tools and processes and centralise control over identity.
“Many of you have a lot of tools but don’t really have a good, functioning IAM program—here is your opportunity,” said Gaehtgens. “It is the control plane and foundation of cyber security—this is where focus needs to be.”
Identity has become very decentralised in many organisations. Some blame employees working away from the office, but issues around identity management are much older than widespread remote work.
Even if a business stops all remote work and pushes everyone back to their desks, this will not address overall identity risks. Decentralised or federated IT systems, such as using cloud services, still place many identities at the edges of an organisation. Machine identities continue to expand and sprawl. Customer identities exist across the landscape, from headquarters to branches. And compliance measures always hover nearby.
“Even if everyone worked at an office, they still rely on decentralised IT such as cloud services, and they are using remote access for things such as email and document sharing,” says CONTACTABLE. “Decentralised technology is very beneficial but the inherent risks remain. Identity links these various systems together, which is why identity management should be one of the most crucial functions every organisation must champion.”
Reining in decentralised identitites
Decentralisation is a characteristic of the latest digital era. While security and IT teams invest in identity management tools, they often end up with a pile of disparate products that don’t improve their central identity management. Gaehtgens said that those in charge of identity are “expected to create centralised control in a totally decentralised world” and that identity management needs to be “consistent, contextual and continuous.”
He proposes four key elements that define appropriate identity management.
IAM must be consistent, especially when applying access policies, contextual to support dynamic access policies, continuous throughout sessions to facilitate features such as single sign-on and sign-off, and strengthen identity leadership outside of IT and across the organisation.
An identity fabric is crucial to establishing centralised IAM in a decentralised world—this is Gartner’s bottom line. Several models, including Gartner’s, help create such a fabric. But how can organisations create a central launch point to consolidate their identity tools and processes?
Integrated identity platforms offer the solution
The answer is an Integrated Identity Platform (IIP). IIPs provide the central infrastructure and intelligence to validate and manage identities. As platforms, they can incorporate a wide range of identity tools, such as biometrics and querying multiple identity databases. They can integrate with other identity and technology systems, creating a foundation to bring disparate tools together and eliminate unnecessary ones, thus saving costs.
IIPs are profoundly useful for onboarding and managing customer identities, reducing fraud risks and extending identity processes to different parts of the business without ceding central control. They support internal identity teams and reduce the need to invest in complicated identity systems and skill sets. An IIP is the best way to meet identity compliance and to future-proof identity as IIPs continually develop and roll out new technologies such as artificial intelligence and new identity systems.
“Platforms centralise control and management in ways suited to a decentralised world,” says CONTACTABLE. “Identity can easily be pulled into different directions, creating a lot of new risks and management headaches. It makes sense to manage identities through a dedicated platform that can integrate with various parts of an organisation, from working with customers to security administration.”
These advantages are what CISOs, CIOs, and the boards that hold them accountable look for, said Gaehtgens, “The CISO is asked three main questions by the board: ‘Are we secure?’, ‘Are we compliant?’ and ‘What about AI?’ IAM is at the centre of all this. The role is becoming much more important. Why? Because it is at the centre of security in the new world.”
By centralising IAM, organisations will substantially lower their cyber, compliance, and business risks. Integrated Identity Platforms provide the best foundation to achieve this. If you want to gain more control over identity and improve your cybersecurity, start by looking at the benefits of an IIP. Talk to Contactable—we specialise in IIPs and how to integrate them into your organisation.