Tuesday, 27 February 2018

Five Key Access Management Considerations for 2018

In the first half of 2017 alone, the volume of cyber-attacks doubled compared to the same period just one year earlier. There is no doubt that the security threat to businesses is growing; cyber crime is rarely out of the news. With upcoming legislation, such as the EU GDPR (General Data Protection Regulation) or the Payment Services Directive (PSD 2), coming into force, organisations will have to prove they are making every effort to protect data, providing clear audit trails of what is accessed, when and by who. Whether you’re just starting out, or are looking to improve your existing access management strategy, the following five considerations are key in 2018.

1. Simplify your infrastructure by consolidating access management technology


Often, organisations have multiple solutions in place to manage strong and adaptive authentication, Web Access Management, Mobile Access Management, Enterprise Single Sign-On (ESSO), and Identity Federation. There is little technology available that enables organisations to manage all of these systems from a single platform. Using a number of disparate access management solutions can be problematic and provide a splintered view of user access.

To best ensure access is secure and properly regulated, it’s important to have a single and reliable view of all user access across all access points. Single platforms produce a clear audit trail, which is much simpler to control and manage. Employees are able to clearly see their rights, and managers are better equipped to control access and determine entitlements for employees.

2. Be aware of who has access to sensitive data and applications


More employees are working remotely, yet they still demand quick and easy access to applications they would have in the office. This extension of applications outside of organisations may present problems when managing user access. A lack of control over access to sensitive applications from internal and external users can result in critical data loss, security breaches and the disclosure of confidential information.

To maintain compliance with legislation such as GDPR, organisations will need to show they hold personal data securely in terms of accessibility and encryption. This also means knowing exactly who is able to access this data.

3. Enable your workforce to work securely on any device


Bring Your Own Device (BYOD) and the use of mobile devices is fast becoming the norm. Deployment of these devices can often cause headaches for IT security managers, as well as employees wishing to use mobile devices efficiently. Increasing demands from the business means that mobile devices need to be fully supported to enable employees to access the network securely. Not being able to provide a high level of security across all devices used to access sensitive information is a major security risk.

4. Keep access traceability of a constantly changing workforce


Organisations are always going through workforce changes. Managing the movement of staff and the necessary changes to entitlements can present a challenge that is often overlooked. Not being able to manage these changes quickly and effectively can lead to dormant accounts being left open – an easy way for cyber criminals to gain access to sensitive data.

5. Increase authentication and bring single sign-on to end-users


Access can be managed through a range of methods; passwords, ID and additional forms of identification can often be required. It can be difficult for individuals to use different access methods for each application and having to remember multiple passwords. The confusion can lead to a security breach, with people using overly simple passwords, writing them down or constantly changing them. This flawed approach increases the risk for organisations and means they are unable to enforce strict IT security policies, as well as increasing pressure on the IT department.

Access management should be a key consideration for all organisations in 2018. The implications of not having a secure and comprehensive solution in place can have severe consequences, as we have seen time and time again in security breaches reported throughout 2017. Having a comprehensive access management system in place not only eliminates this as a concern, but means your employees can work freely and efficiently, without having to worry about a complex sign on process differing across each device.

Read the full paper, Five Key Access Management Considerations to Consider in 2018, here.

Monday, 12 February 2018

How to overcome the common misconceptions around Identity and Access Management

Identity and Access Management (IAM) can no doubt bring many benefits to an organisation; increased security, greater usability and better flexibility across devices. However, IAM is not a magical solution that can solve all organisational issues. Unfortunately, before starting out on implementing an IAM solution that’s exactly how some organisations view it.

Here we take a look at the common misconceptions people have when it comes to Identity and Access Management projects and how these can be overcome to ensure a successful and effective implementation.

IAM is a ‘magic bullet’


Unfortunately, IAM is not a spell you can cast to solve organisational blurred lines, inconsistent definitions of job roles and responsibilities or technical deterioration that renders applications and standards incompatible.

If this is what is being expected of IAM, you need to make sure to prevent disappointment further down the line by:
  • Evaluating your IAM maturity
  • Set out a roadmap to increase maturity levels
  • Specify the requirements for each step, in order to get the most out of IAM

It’s important to be realistic and clearly communicate the scope of your project, even at initial stages, across all organisational levels. If necessary, make sure to adapt to market technologies, internal processes, budget etc.

Manage the project yourself to save time and resource


IAM is cross-functional so the implementation of this type of project will impact the entire organisation. It is essential to communicate and involve all stakeholders. Not just IT, but human resources, general management, auditors, legal and so on. To aid in smooth implementation, make allies with all of these departments. Help them to resolve concerns they may have about the project from the outset.

It’s crucial to educate the entire organisation, from board level down and overcome any misconceptions around Identity and Access Management. If everyone is not on the same page about the goals you’re aiming for with the IAM implementation, the likelihood is that problems will occur further down the line.

In our latest paper, Reasons to get started on an Identity and Access Management project, we explore the challenges that can occur during an IAM project and best practices for ensuring success. You can read the full paper here.

To find out more about Ilex International’s range of Identity and Access Management solutions, click here.