As Identity and access management (IAM) continues to play a more critical role in digital transformation, it has risen to a level that not only dominates cybersecurity but threatens to subsume it. Today CISOs place IAM concerns on top of the list because continuously connected users need swift access to business processes at a reduced risk than what organizations are tolerating today. Not only do they need to ensure that the users accessing their environment are whom they say they are, but that:
- Access is precise, not overly generalized
- Customers get frictionless access when appropriate
- Customers only see what’s theirs
- Patients feel confident and secure in accessing their digital medical information
- People are using the proper strength of user verification when functioning as a privileged user
With these challenges in mind, it was great to see close to 500 customers participating in our Micro Focus Cybersecurity Summit in Washington, D.C. Users, devices and the Internet of things have added a layer of complexity to security management that requires infrastructures to provide adaptive security capabilities with a streamlined user experience. I was part of the Identity and Access Management product track, to showcase an integrated approach to identity management to make sure the right identities have the right access to the right things at the right time.
3 Trends covered in my Access Management Sessions
Organizations are looking for more than just passwords: For years (decades) IT’s mindset has been centered on solving the password puzzle and figuring out how users gain access to the resources they need to do their jobs. However, today in a world where everyone is connected through his or her personal devices 24x7 the potential for credentials to be hacked is universal. It is this atmosphere of increasingly compromised credentials that the discussion has elevated from merely enforcing access decisions based on whether someone presents the right credential towards using additional attributes (context) and authentication types to ensure that the person really is who is he (or she) says he is. In my joint session with Chan Yoon, Director of Product Management at Micro Focus, we discussed considerations that organizations should think about when making that transition.
Risk-based access is on the rise: Static authentication is no longer an effective approach to controlling access. In today’s connected world, analytics and context can be used to provide additional insight into a user’s identity to help verify that a user is whom he or she claims to be. When access conditions are in doubt, organizations are beginning to evolve their environment to be able to invoke additional levels of user verification. When the risk is low, you can choose to deliver access quickly without unnecessary friction. When things aren’t what they seem or are deemed too risky, you can step up the authentication as needed to match the user experience to the risk at hand. In that session, Chan and I talked about the different approaches available to you.
One size authentication no longer applies: modern authentication choices are emerging at an increasing rate, providing a rich set of options that organizations have never seen before. Having such a wide a range of authenticator options available—biometrics, one-time passwords, push notifications, passive technologies, etc. — means that organizations now have the ability to match the right authentication experience to the situation. These new authentication options provide the means for organizations to deliver an experience that is frictionless as possible under the circumstances.
Balancing business innovation and security
In our session “Access management: The glue between business value and security,” Chan and I talked about other access management related topics as well, but these three listed above took up the bulk of the time. We also pointed out some deployment gotcha’s, as well as some unique approaches that Micro Focus takes on solving these and other IAM-related problems. And of course, the access management offering discussed sits on a foundation that we label as Identity Powers. Micro Focus has a powerful and complete identity solution that ensures that they are pervasive, attribute-rich where needed, and up-to-date. Ask yourself, "why does identity matter for your business"? Often, it's used to drive access.
If you missed the 2018 Cybersecurity Summit, you still have a chance to check out the IAM and other sessions offered at the Micro Focus Digital Cybersecurity Summit. The digital event will start on October 30 with free registration, and you can pick the session you want to view. I think that you will find it worth your time and be glad you did.
Thanks for reading!