How do you make sure that only authorized users have access to specific data‾ This is a constant challenge to organizations, both private and public. The recent posting of confidential Hong Kong Police data on peer-to-peer software, Foxy highlights the continuing challenges that everyone faces.
We recently discussed the issue of identity and access management with Jacqueline Peterson-Jarvis, Asia-Pacific Regional Security and Management Marketing Manager for Microsoft. Excerpts of the discussion are included below.
How has identity access management changed in the last five years‾
Jacqueline Peterson-Jarvis (JPJ):Identity and Access Management started out as a set of specific customer challenges and technology solutions - such as single sign-on, identity sync, and provisioning, etc. Customers are now viewing and approaching these problems in a more holistic sense and making investments in a more strategic manner. They are looking for complete platforms and solutions that address the broader issues, such as compliance, operational efficiency and security.
What are the drivers for the adoption of identity access management and are these consistent across industries and countries‾
JPJ:Managing user identities is a top priority for many businesses today, and every organization will have different business drivers for determining and implementing an identity and access management strategy. Some of these include:
1. Compliance: This is the number one driver of identify and access management in the enterprise today. Companies have to be able to determine who is accessing what data throughout the organization, and they have to be able to attest to that, in order to be compliant. There is legislation around compliance in many countries throughout the world"&brkbar;and it applies across borders.
2. Operational efficiency: The cost of managing identities is very high. Password issues account for 25% of help desk calls. Automated provisioning can save $50 per PC per year.
3. Security: De-provisioning (revoking access after an employee leaves) is very important, for example. Many companies are deploying strong credential systems to control access and authorization, but they need better ways to manage it.
4. Business agility: Having the ID infrastructure in order enables companies to collaborate with partners and suppliers more effectively, for example, or to smoothly merge two companies. Giving employees simple, secure access to the right systems, applications and data boosts productivity and business results.
In terms of cutting-edge technologies available today, what are we seeing as being early adoption‾
JPJ:Many organizations are looking for high assurance identity providers to securely transact business, using certificates, smart cards or, potentially, information cards (such as Windows Cardspace).
Also, fine grain access control - ability to manage employee access to applications and data at a very detailed level - is something companies are looking to more and more. This is usually based on systems that grant access based on organizational role.