Recent IT Security Breaches Make Review Their IAM Strategies
Date: Sunday , July 01, 2012
The last 12 months have seen numerous newspaper articles detailing IT security breaches involving companies from all around the world. The enterprises affected by these breaches have experienced significant losses in terms of recovery costs, market capitalization and brand damage. In examining these breaches, the majority of them share a common thread in that they involved some type of "unauthorized access" (whether from internal or external threats) to corporate applications and sensitive data. As a result, enterprises have re-examined their current Identity and Access Management (IAM) processes and have begun to look for new IAM approaches to ensure that their organizations are safe from access-related security breaches, optimize the operational costs associated with access control and meet their internal and external compliance requirements.
In the process of evaluating their current IAM processes, many organizations have realized that the traditional IT-centric approaches they have implemented for Identity and Access Management have not only been both costly and ineffective, they have left them vulnerable to security breaches and failed audit reviews. Traditional IAM approaches have failed due to their IT-centric approaches that consist of architectures and processes that are fragmented, complex and ill-equipped to deal with the pace and types of changes within an organization. The end result is an IAM process that is economically not sustainable, doesn't deliver the assurance needed to meet both internal and external compliance requirements, and that lacks the business context needed to make accurate access-related decisions. In order to keep pace with today's modern enterprise, which includes the need to manage user access for both on-premise, SaaS, mobile and unstructured data, companies today need to implement a business-driven approach to Identity and Access Management which empowers the lines of business that actually have ownership of enterprise applications and data to efficiently control access to those resources. By doing so, companies can provide full business context across Identity and Access Management systems, connect to the full set of key applications and data resources, significantly lower the total cost of ownership and scale to modern enterprise environments.
A business-driven approach to Identity and Access Management enables the line of business to take accountability and responsibility for making access decisions, within the controls, processes, and policies defined by Information Security. By transforming complex application and infrastructure entitlements into a simple business view of access across the enterprise, this type of approach provides the line of business with full visibility of access to their applications, and allows businesses to provide the context required to make the most efficient and effective identity and access management decisions.
Enterprises thereby can assemble the appropriate detective, corrective and preventive controls required to provide a 360 degree control over identity and access. As a result, enterprises can significantly lower the total cost of ownership for their Identity and Access Management initiatives.
In order to eliminate the risk of access-related security breaches as well as to meet regulatory requirements, enterprises must have an effective approach to Identity and Access Management. By implementing a business-driven approach to IAM, enterprises can ensure its access-related processes are in full alignment with the business and are both risk-proof and audit-proof.
Headquartered in Waltham, MA, Aveksa is a provider of comprehensive, enterprise-class, access governance and management solutions. It helps IT organizations reduce access management complexity and increase operational efficiency, while minimizing risk and ensuring sustainable compliance.