Products Must Address New Identity Requirements


<p><strong>London &mdash; Dec. 17</strong><br />Core components of many mainstream identity and access management (IAM) solutions have had to be appreciably enhanced simply to keep pace with constantly changing business and operational demands. </p><p>Today, as well as providing core user access and protection services, the latest IAM product suites need to be equipped to deal with new identity and access control requirements that include Web and remote-access user communities, federated business relationships, a growing services-led information access culture and fraudulent activity that can impact all types of information user. <br /><br />However, a new report just published by Butler Group, Europe&rsquo;s leading IT research organization, &ldquo;Identity and Access Management: Enabling Secure Access for Web, Enterprise and Remote Users,&rdquo; points to the importance of enterprises recognizing the core range of services that IAM already gives as opposed to being distracted by the latest product news.<br /> <br />&ldquo;During the two years that have elapsed since Butler Group last published a Report on IAM (June 2006), key functional protection requirements remain unchanged. However, what has changed very significantly in the intervening time frame are the range of business operations and service delivery environments that need to be supported and protected,&rdquo; said Andrew Kellett, senior research analyst at Butler Group and the report&rsquo;s co-author. 
<br /><br />&ldquo;But before getting too fixated on everything new that IAM is required to address, including the range of additional Web-facing facilities and services that many leading vendors are adding into their platform-based portfolios, it is important to recognize the range of core business protection and continuity services that IAM already delivers.&rdquo; <br /> <br />Identity-Based Controls Are Essential<br /> <br />The report emphasizes that the primary role of IAM is to provide facilities that deliver an acceptable balance between the need for corporate privacy and protection and the demands of the user community for open, uninhibited access to information from wherever and whenever they need it. This mixture of priorities that sets protection alongside the demand for availability is something that each organization must scope out to fit its own specific risk profile, but in Butler Group&rsquo;s opinion is best served in the working environment using a fully featured, business-focused IAM approach.<br /> <br />For certain, extending access to corporate systems and the information that they hold to an ever-growing range of users adds significant risk to business operations, as does the need to collaborate externally with third-party business associates and supply-chain partners. Fundamentally, organizations must remain responsible for all of the information that they choose to gather in, maintain and store. <br /><br />Businesses need to be fully accountable for the upkeep and protection of that information and, where it is decided to make that information available to other authorized users, the business must also accept that it remains responsible for the activities that are carried out on its behalf by third-party business partners. 
<br /> <br />B2B IAM Federation Increases Speed and Efficiency <br />The report recognizes that whilst adoption of B2B IAM Federation has been less widespread than expected, with a lack of strong business cases being a significant stumbling block, its use increases the speed and efficiency with which identity integration can be achieved, removing many of the barriers to interorganizational access. Furthermore, the standards basis for federation is now sufficiently mature for it not to have an impact on investment risk.<br /> <br />To be effective, up-to-date IAM solutions have to be able to handle the identity management and access control demands of all types of user and application. Size and operational complexity preclude most organizations from knowing the vast majority of their information users. Therefore, access to business systems needs to be managed using rules and controls that can be fully aligned to the operational requirements of the organization.<br /> <br />&ldquo;The average organization operates business systems that are accessed by many different types of user: employees, customers, business partners and third-party suppliers to name but a few of the more high-profile groups,&rdquo; said Kellett. &ldquo;Even within these specific groups, the rights of access to information systems can vary immensely. To maintain any sort of sensible levels of control over who is allowed to access what systems, it is essential to use provable identity-based controls that match up with business and operational needs.&rdquo;<br /> <br />Organizations also must ensure protection is appropriate to the possible loss that could arise from their assets being compromised or lost, and also that security mechanisms align with the need to maximize business advantage. Applications and services are, increasingly, key value centers for organizations, to which greater exposure can increase revenue streams. 
However, broadening access to functions is potentially also a source of increased risk, so it is extremely important to ensure that the requisite protection is built in.<br /> <br />The number of employees and users from outside the enterprise requiring use of corporate IT assets at times throughout the day and night, possibly from diverse global locations, and using different devices and connections, has increased markedly within most organizations. Applications and infrastructures are increasingly expected to support working out of office hours, from flexible national and international locations, by users that may have any of a myriad of connection types to their log-in accounts. <br /><br />Overall security must protect corporate IT assets in these circumstances, but IAM specifically must enable identity to be verified and used reliably and securely. Therefore, IAM must be flexibly extended to devices of all types, and be appropriate to the business needs, as well as the security characteristics, pertaining to each user&rsquo;s situation.<br /></p>
