Access Management Increases Security, Cuts Costs

Friday, April 22, 2016

Dean Wiech


While organizations are constantly trying to reduce spending, there are certain areas that they actually aren’t cutting back on and are actually increasing budgets. Several recent surveys and studies have shown that organizations in both the US and UK continue to invest heavily in identity and access management (IAM) solutions.

The main reason why respondents said they were continuing to invest are somewhat obvious: security issues. As technology continues to advance in an attempt to become more secure, hackers and their ways of breaching an organizations network also become more sophisticated. IAM solutions must be able to protect against advanced attack, as well as secure new technology, such as mobile devices and cloud applications.

The second priority for the continued investment in IAM solutions is an attempt to save money in the long run. Though IAM solutions require an initial investment, they help organizations save money in many areas of the company over time.

Continued Security Threats

No matter how secure you think your organization’s network is there are always hackers, both outside and within, the company that will find ways around your company’s security measures. IAM solutions continually evolve to stay one step ahead of these hackers and keep the network safe. Not only do organizations need to ensure the security of their in house computers, but they also now need to do that same for the many mobile devices which employees are using outside of the network to access cloud applications. Any type of hack, whether large or small, can cost the organization a great deal, which is why they believe this type of investment in a solution is important. So how can an IAM solution help with security?

Most importantly, the organization needs to ensure correct access rights for their entire network and applications being used inside and outside the organization. IAM solutions allow for automation of account management which can ensure security while also making it easy to achieve. For example, when an employee joins the organization they need to receive the correct access rights. Automation allows for the account to be set up both easily and accurately so that the employee doesn’t accidently receive too many, or too few, access rights. A manager or member of the HR department simply adds the employee to the HR system and can easily have accounts in any system or application automatically created for them.

The organization needs to ensure that access is revoked once the employee is no longer with the organization; one of the most common access issues. An IAM solution can allow for a manager to easily disable an account to ensure that this critical process is not overlooked. For example, when an employee leaves the organization, a manager can easily disable the employees account in the source system, for example, PeopleSoft, and have all of their accounts and access rights revoked with one click, ensuring that they no longer have access.

In a similar fashion to how IAM solutions automate the account management process for in-house applications, they can also can be set up to seamlessly work with cloud applications, such as Office 365, Google Apps, TOPdesk, etc. This allows a manager to easily create, change or disable the accounts of an employee who has left the organization, which ensures security of the network and data.

This is just one of the basic parts of an IAM solution. There are many other modules that help with security as well. For example, another way that access rights can be monitored is with an attestation module. The network and applications can be scanned on a regular basis for the current access rights which are compared against a predefined matrix, which contains the standard or accepted rights. If any differences are found, the attestation module will alert a manager and system owner for review. If this difference is okay, an electronic signature should be sent. If the rights are found to be unauthorized, a workflow process can automatically remove the rights, with notifications emails to the appropriate parties involved.

Long-term Investment

Though IAM solutions are an investment at first, over time they actually save the organization a substantial amount of money. This is mainly because there no longer needs to be one or more full-time employees handling account management, and these employees can be utilized elsewhere in the organization. IAM solutions automate the complete end user lifecycle, requiring little to no manual tasks be performed. For example, in education, at the beginning of each semester, several employees need to dedicate days of their time just to add new students and employees and move graduates to alumni status.

Another way IAM solutions can save money is through licensing costs. Organizations tend to not review how many licenses they are paying for and how many are actually being used. This has also been a major issue with employees who leave the organization. Often, an ex-employee will still have access to an application that the company is unknowingly paying for. Many IAM solutions provide an overview of access rights, allowing managers to see exactly who has access to what systems and applications to ensure they are paying for the correct number of licenses. If there are any errors in access rights, an automated account management solution allows them to easily be corrected.

Over the years, IAM solutions have become very flexible, making them more cost efficient to implement. An organization can easily pick and choose which modules their organization needs and customize it to their needs. So, a smaller company does not need to purchase a large enterprise IAM solution, and can chose the modules that they need for their immediate issues.

So, while IT spending may be cut back, investments in IAM solutions continue to grow because of security issues, flexibility and an overall cost savings.

Possibly Related Articles:
Budgets Enterprise Security
breaches Account Management IAM security threats
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.