IAM: Looking ahead

Access & Identity Management Handbook 2017 Access Control & Identity Management, Security Services & Risk Management

The future of identity and access management (IAM) and access governance (AG) is getting clearer as every year passes and 2017 should be no exception. What I mean by clearer is that visibility into the user accounts and the access rights they have to applications and data will be become easier to see. This visibility will also come with a significantly lower cost and be implemented in a much shorter window.

Dean Wiech, MD of Tools4ever.
Dean Wiech, MD of Tools4ever.

First, let’s take a look at where the solutions themselves are going over the course of the next 12 months. The standard account lifecycle management and role-based access control (RBAC)/attribute-based access control (ABAC) functionality for access rights will continue to the main driving force that companies look at when considering an IAM/AG solution. Vendors are starting to bundle ever more functionality into these solutions to make the life of the IT department and the helpdesk easier, but to also provide a better experience for the end users themselves.

By bundling self-service and web-based single sign-on portals into the technical, back office systems needed to maintain the user accounts and set proper access rights, end-users now have the ability to perform many tasks either much simpler or on their own.

A self-service portal allows them to securely perform tasks that previously required either calling or e-mailing the helpdesk and their manager and then waiting for approvals to occur. Now a simple visit to an internal portal allows them to request additional applications, a new computer or mobile device, access to data shares or being added to a distribution group. The request is then routed to the appropriate person or persons for approval or denial. If approved, the workflow moves forward to either completion in the network or routed to the appropriate system owner for completion. The requestor has visibility into where the process is at any time and is notified when completed or rejected without further time wasted.

Single sign-on

The idea of a single sign-on (SSO) portal for web apps is not a new one. However, recent enhancements make the newest products even more useful for end-users and security professionals alike. For users, the convenience of having all of their authorised apps available from one location, and not having to enter credentials every time, has always provided an ease of use benefit. The latest and upcoming iterations of these products provide ‘any device’ functionality, meaning what they are familiar with on their desktop is now also available on their smart, mobile device. This means regardless of where they are or when they are trying to get work done, the ease of access to critical applications is never more than a couple of clicks or taps away.

For the security professionals, the ability to disable a SSO profile and immediately eliminate access for a user provides immediate peace of mind when someone leaves the organisation. However, the addition of the latest functionality also provides peace of mind while the user is employed. The ability to restrict users access to the portal, or to specific application within, can be accomplished by time and day, IP address, device type, as well as other security focused settings. Basically, this means you can restrict the finance application to one group of users only being utilised from within the network on a Windows computer between the hours of 8 a.m. and 5 p.m. A second group, possibly senior management, would be allowed to access the same application anytime, anywhere and from any device.

Lower identity costs

The other exciting trend in the IAM/AG space is that even though functionality continues to rise, the price points continue to drop, along with the time needed to implement the solutions. In the not too distant past, organisations could expect to pay upwards of $50 to $100 per user for complete functionality and expect an implementation to last between 12 and 18 months, possibly even longer. While this was certainly in the realm of reality for large multinational organisations with dedicated IAM/AG teams in-house, it was certainly out of the reach of the vast majority of small and medium businesses.

The coming year will see a continuance in the drop in the per-user pricing, most likely down to the $15 to $25 user range. Just like any technology, as more companies adopt it, the more affordable it becomes. The other interesting trend is the time to implement continues to decrease as well. Not only have the systems become more sophisticated and secure, but they have become more standardised, using templates and frameworks instead of custom development to suit a company’s requirements.

As part of this, organisations are also electing to phase in the system rather than trying to do an ‘all or nothing’ or ‘all at once’ implementation. Functionality, such as web SSO or self-service password reset, can be implemented in a few days and provide an immediate benefit and time relief to the IT and helpdesk. In turn, this new found time can be devoted to bringing up the provisioning and AG processes, again by phasing it in small, easily implementable components.

One thing is certain, as 2016 comes to a close, it is safe to say that it has been a banner year for IAM. With the better, faster, less expensive trend starting to pick up steam, the growth in 2017 should be stellar.

For more information go to www.tools4ever.com.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Improved security health check tool
Gallagher Access Control & Identity Management Products
Gallagher Security has streamlined its free Security Health Check tool, making it easier than ever to protect against potential system risks and improve business efficiencies.

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Suprema showcases integrated security solutions
Suprema Access Control & Identity Management Products
Apart from being an access terminal that supports multiple credentials such as facial recognition, RFID, mobile and QR codes, the BioStation 3 also supports VoIP Intercom and real-time video monitoring features to make it a truly multi-functional reader.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Local electronic locks
Access Control & Identity Management
YeboTech is an electronics manufacturing company, founded in 2005, which designs, markets and sells an electronic key and locking systems, aimed at replacing all conventional mechanical locks.

Selecting the correct access control system
Enkulu Technologies Access Control & Identity Management
Frazer Matchett, Managing Director of Enkulu Technologies, suggests the right questions to ask when selecting an access control solution; not just the access system, but the integrated solution that fits your requirements.

Integrated guarding services
XtraVision Integrated Solutions Access Control & Identity Management Industrial (Industry)
XtraVision offers a few tips on how to go about planning and setting up an integrated approach to sustainable and successful security services, from the initial risk assessment to the technology and people required.

Paxton secures multi-tenant office in Cape Town
Paxton Integrated Solutions Access Control & Identity Management Products
Cecilia Square in Paarl, Cape Town is an office building from where several businesses operate. The multi-tenant site has recently undergone a full refurbishment, including a complete upgrade of its security system for access control.

AI face recognition OEM module
Suprema News Access Control & Identity Management Products
Suprema AI, a company specialized in artificial intelligence–based integrated security solutions, recently launched its high-performance face recognition OEM module called ‘Q-Face Pro’ in response to the growing need for contactless security solutions.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.