IAM: Looking ahead

November 2016 Access Control & Identity Management, Security Services & Risk Management

The future of identity and access management (IAM) and access governance (AG) is getting clearer as every year passes and 2017 should be no exception. What I mean by clearer is that visibility into the user accounts and the access rights they have to applications and data will be become easier to see. This visibility will also come with a significantly lower cost and be implemented in a much shorter window.

Dean Wiech, MD of Tools4ever.
Dean Wiech, MD of Tools4ever.

First, let’s take a look at where the solutions themselves are going over the course of the next 12 months. The standard account lifecycle management and role-based access control (RBAC)/attribute-based access control (ABAC) functionality for access rights will continue to the main driving force that companies look at when considering an IAM/AG solution. Vendors are starting to bundle ever more functionality into these solutions to make the life of the IT department and the helpdesk easier, but to also provide a better experience for the end users themselves.

By bundling self-service and web-based single sign-on portals into the technical, back office systems needed to maintain the user accounts and set proper access rights, end-users now have the ability to perform many tasks either much simpler or on their own.

A self-service portal allows them to securely perform tasks that previously required either calling or e-mailing the helpdesk and their manager and then waiting for approvals to occur. Now a simple visit to an internal portal allows them to request additional applications, a new computer or mobile device, access to data shares or being added to a distribution group. The request is then routed to the appropriate person or persons for approval or denial. If approved, the workflow moves forward to either completion in the network or routed to the appropriate system owner for completion. The requestor has visibility into where the process is at any time and is notified when completed or rejected without further time wasted.

Single sign-on

The idea of a single sign-on (SSO) portal for web apps is not a new one. However, recent enhancements make the newest products even more useful for end-users and security professionals alike. For users, the convenience of having all of their authorised apps available from one location, and not having to enter credentials every time, has always provided an ease of use benefit. The latest and upcoming iterations of these products provide ‘any device’ functionality, meaning what they are familiar with on their desktop is now also available on their smart, mobile device. This means regardless of where they are or when they are trying to get work done, the ease of access to critical applications is never more than a couple of clicks or taps away.

For the security professionals, the ability to disable a SSO profile and immediately eliminate access for a user provides immediate peace of mind when someone leaves the organisation. However, the addition of the latest functionality also provides peace of mind while the user is employed. The ability to restrict users access to the portal, or to specific application within, can be accomplished by time and day, IP address, device type, as well as other security focused settings. Basically, this means you can restrict the finance application to one group of users only being utilised from within the network on a Windows computer between the hours of 8 a.m. and 5 p.m. A second group, possibly senior management, would be allowed to access the same application anytime, anywhere and from any device.

Lower identity costs

The other exciting trend in the IAM/AG space is that even though functionality continues to rise, the price points continue to drop, along with the time needed to implement the solutions. In the not too distant past, organisations could expect to pay upwards of $50 to $100 per user for complete functionality and expect an implementation to last between 12 and 18 months, possibly even longer. While this was certainly in the realm of reality for large multinational organisations with dedicated IAM/AG teams in-house, it was certainly out of the reach of the vast majority of small and medium businesses.

The coming year will see a continuance in the drop in the per-user pricing, most likely down to the $15 to $25 user range. Just like any technology, as more companies adopt it, the more affordable it becomes. The other interesting trend is the time to implement continues to decrease as well. Not only have the systems become more sophisticated and secure, but they have become more standardised, using templates and frameworks instead of custom development to suit a company’s requirements.

As part of this, organisations are also electing to phase in the system rather than trying to do an ‘all or nothing’ or ‘all at once’ implementation. Functionality, such as web SSO or self-service password reset, can be implemented in a few days and provide an immediate benefit and time relief to the IT and helpdesk. In turn, this new found time can be devoted to bringing up the provisioning and AG processes, again by phasing it in small, easily implementable components.

One thing is certain, as 2016 comes to a close, it is safe to say that it has been a banner year for IAM. With the better, faster, less expensive trend starting to pick up steam, the growth in 2017 should be stellar.

For more information go to www.tools4ever.com.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

30 years of business continuity
May 2019, ContinuitySA, Technews Publishing , Editor's Choice, Security Services & Risk Management
ContinuitySA is celebrating its 30th anniversary this year and Hi-Tech Security Solutions spoke to CEO Michael Davies about the changes he has seen in the business continuity and disaster recovery markets.

Access authentication with a wave
May 2019, IDEMIA , Editor's Choice, Access Control & Identity Management, Integrated Solutions, Financial (Industry), Commercial (Industry)
Financial organisations are making the move to contactless fingerprint biometrics in order to meet the increasing burden of regulatory and compliance demands.

The benefits of background screening
May 2019, iFacts, Managed Integrity Evaluation , Editor's Choice, Security Services & Risk Management
Companies need to be more vigilant about the people they employ by making sure comprehensive background screening checks are conducted.

Face to face with Suprema FaceLite
May 2019, Suprema , Editor's Choice, Access Control & Identity Management, News, Products
Suprema has announced the launch of FaceLite, the new generation compact face recognition terminal designed for enterprise access control as well as time and attendance applications.

ASSA ABLOY showcases latest digital access solutions
May 2019, ASSA ABLOY South Africa , Editor's Choice, Access Control & Identity Management, News
ASSA ABLOY hosted a breakfast at the Country Club Johannesburg in Woodmead on 2 April, to showcase the company’s latest and greatest digital access solutions.

Keyless access control launched in Africa
May 2019, FS-Systems , News, Access Control & Identity Management, Agriculture (Industry)
FS-Systems launches a cutting-edge keyless access control solution for the critical infrastructure environment across the African market.

Know your customer/criminal
May 2019, ZKTeco , Financial (Industry), Access Control & Identity Management
Biometric facial recognition is becoming the most powerful way to prevent bank robberies and fraud.

Simplifying fire detection system installations
May 2019, Elvey Security Technologies , Editor's Choice, Fire & Safety, Security Services & Risk Management
A fire detection system needs to be selected with extreme care, as is selecting an installer that not only understands the various technologies employed in fire detection, but that also has the necessary accreditations and certifications.

Security workforce management platform
May 2019, Secutel Technologies , CCTV, Surveillance & Remote Monitoring, Integrated Solutions, Security Services & Risk Management
Secutel Technologies says the South African market is excited about body-cam technology and clearly sees the potential benefits.

Solar energy storage systems
May 2019, Specialised Battery Systems , Products, Security Services & Risk Management
Specialised Battery Systems has a range of Energy Storage Systems (ESS) available, both standard and custom designed to suit customer requirements.