IAM: Looking ahead

Access & Identity Management Handbook 2017 Access Control & Identity Management, Security Services & Risk Management

The future of identity and access management (IAM) and access governance (AG) is getting clearer as every year passes and 2017 should be no exception. What I mean by clearer is that visibility into the user accounts and the access rights they have to applications and data will be become easier to see. This visibility will also come with a significantly lower cost and be implemented in a much shorter window.

Dean Wiech, MD of Tools4ever.
Dean Wiech, MD of Tools4ever.

First, let’s take a look at where the solutions themselves are going over the course of the next 12 months. The standard account lifecycle management and role-based access control (RBAC)/attribute-based access control (ABAC) functionality for access rights will continue to the main driving force that companies look at when considering an IAM/AG solution. Vendors are starting to bundle ever more functionality into these solutions to make the life of the IT department and the helpdesk easier, but to also provide a better experience for the end users themselves.

By bundling self-service and web-based single sign-on portals into the technical, back office systems needed to maintain the user accounts and set proper access rights, end-users now have the ability to perform many tasks either much simpler or on their own.

A self-service portal allows them to securely perform tasks that previously required either calling or e-mailing the helpdesk and their manager and then waiting for approvals to occur. Now a simple visit to an internal portal allows them to request additional applications, a new computer or mobile device, access to data shares or being added to a distribution group. The request is then routed to the appropriate person or persons for approval or denial. If approved, the workflow moves forward to either completion in the network or routed to the appropriate system owner for completion. The requestor has visibility into where the process is at any time and is notified when completed or rejected without further time wasted.

Single sign-on

The idea of a single sign-on (SSO) portal for web apps is not a new one. However, recent enhancements make the newest products even more useful for end-users and security professionals alike. For users, the convenience of having all of their authorised apps available from one location, and not having to enter credentials every time, has always provided an ease of use benefit. The latest and upcoming iterations of these products provide ‘any device’ functionality, meaning what they are familiar with on their desktop is now also available on their smart, mobile device. This means regardless of where they are or when they are trying to get work done, the ease of access to critical applications is never more than a couple of clicks or taps away.

For the security professionals, the ability to disable a SSO profile and immediately eliminate access for a user provides immediate peace of mind when someone leaves the organisation. However, the addition of the latest functionality also provides peace of mind while the user is employed. The ability to restrict users access to the portal, or to specific application within, can be accomplished by time and day, IP address, device type, as well as other security focused settings. Basically, this means you can restrict the finance application to one group of users only being utilised from within the network on a Windows computer between the hours of 8 a.m. and 5 p.m. A second group, possibly senior management, would be allowed to access the same application anytime, anywhere and from any device.

Lower identity costs

The other exciting trend in the IAM/AG space is that even though functionality continues to rise, the price points continue to drop, along with the time needed to implement the solutions. In the not too distant past, organisations could expect to pay upwards of $50 to $100 per user for complete functionality and expect an implementation to last between 12 and 18 months, possibly even longer. While this was certainly in the realm of reality for large multinational organisations with dedicated IAM/AG teams in-house, it was certainly out of the reach of the vast majority of small and medium businesses.

The coming year will see a continuance in the drop in the per-user pricing, most likely down to the $15 to $25 user range. Just like any technology, as more companies adopt it, the more affordable it becomes. The other interesting trend is the time to implement continues to decrease as well. Not only have the systems become more sophisticated and secure, but they have become more standardised, using templates and frameworks instead of custom development to suit a company’s requirements.

As part of this, organisations are also electing to phase in the system rather than trying to do an ‘all or nothing’ or ‘all at once’ implementation. Functionality, such as web SSO or self-service password reset, can be implemented in a few days and provide an immediate benefit and time relief to the IT and helpdesk. In turn, this new found time can be devoted to bringing up the provisioning and AG processes, again by phasing it in small, easily implementable components.

One thing is certain, as 2016 comes to a close, it is safe to say that it has been a banner year for IAM. With the better, faster, less expensive trend starting to pick up steam, the growth in 2017 should be stellar.

For more information go to www.tools4ever.com.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Stolen credentials on the Dark Web
October 2019 , Cyber Security, Security Services & Risk Management
Over 21 million credentials belonging to Fortune 500 companies, 16 million of which were compromised during the last 12 months, are up for sale.

Read more...
Enterprise security must change
October 2019 , Cyber Security, Security Services & Risk Management
The recent wave of cyberattacks against local banks has highlighted the importance of protecting data against malicious users.

Read more...
Body-worn cameras transforming security
October 2019 , CCTV, Surveillance & Remote Monitoring, Security Services & Risk Management
Police Service Northern Ireland now has over 7 000 officers using 2 500 cameras covering approximately 173 000 incidents each year.

Read more...
Protecting your customers’ data
October 2019 , Training & Education, Security Services & Risk Management
Simon Murrell, head of development and executive director at BrandQuantum says companies need to protect their customers from identity theft and data breaches.

Read more...
Biometrics: the game changer in access control
November 2019, IDEMIA , Access Control & Identity Management
For security managers, the question is no longer, should I use biometrics, but rather, which biometrics should I use.

Read more...
ViRDI UBio Tab 5
November 2019 , Access Control & Identity Management
ViRDI Distribution SA (ViRDI Africa) has announced the release of its long-awaited UBio Tablet to the South African market.

Read more...
Cloud-based access control
November 2019, Elvey Security Technologies , Access Control & Identity Management
Hattrix is a flexible and scalable security platform that marks a shift toward outsourcing security, similar to other services such as IT, HR, and legal services.

Read more...
Transforming secure access for SMEs
November 2019, dormakaba South Africa , Access Control & Identity Management
The dormakaba Matrix One access solution is an off-the-shelf access offering that is easy to use, completely secure and browser-based, making it accessible from anywhere in the world.

Read more...
Manage remote transmitters via GSM
November 2019, ET Nice , Access Control & Identity Management
ET Nice has released a new solution to set up and manage remote transmitters online and monitor access equipment via GSM.

Read more...