Identity Driven Security, a special challenge.
The digital transformation makes it clear that the proverbial moat no longer suffices and that additional measures are needed to ensure that the right person has access to the right information at the right time. In this continuously changing context, identity is the only constant factor and as a result it drives security. Grabowsky calls this concept Identity driven Security instead of Identity and Access Management (IAM).
In the market IAM is a catch-all term. When audits are on the agenda, they are discussed by the Board of Directors, but the engineer in the operation is also working with it. Everyone approaches IAM in their own vocabulary and it requires cooperation and coordination. A special challenge.
IAM is not an end in itself.
Initially, IT worked on IAM for efficiency gains. From 2000 onwards, SOx – and everything that has been added later in terms of supervision and regulation – added the compliancy component. Suddenly, the CFO became jointly and severally liable for authorization management. In recent years, the focus has shifted to risk; in a world where cloud and mobile have grown enormously, the risks are more complex each year and the number is growing each year again. “Think of large data leaks, the police mole (abuse by internal employees) or attacks aimed at obtaining intellectual property”. Grabowsky understands that IAM is not an end in itself, but that it must provide a solution to the concerns of the business. It’s not just about the technology, but you want to take measures against the identified risks. Of course, at the core of this measure is a piece of technology, but it only works if the people around it is taken into account and the processes are being optimised.
With business consultancy, we like to give organisations insight into their risks and motives. Everyone agrees that it’s all about people, process and technology, with an emphasis on that order.
The customer’s question: “I want insight into my risks; how can I anticipate them?”
Understanding the customer’s question right down to the last detail is not an easy task. Most organisations experience a lack of good human knowledge and experience in the field of IAM. Organisations still want to develop and retain the knowledge for themselves, but that is only feasible for very large companies. Our services are increasingly shifting towards Managed Services and the cloud, where the real specific knowledge no longer lies with the customer. With business consultancy, we like to give organisations insight into their risks and motives. Everyone agrees that it’s all about people, process and technology, with an emphasis on that order.
Unfortunately, many organisations, particularly in the health care and government sectors, are not yet optimally prepared for effective risk management. Because many organizations wanted to maintain their processes over the past twenty years, a great deal of customization has been built with the result that these solutions no longer fit in with today’s risks and motives. That is why it is important for organisations to look at their processes, their responsibilities and the quality of their data. These are enormous challenges, but a prerequisite for making the transition to the cloud. That is why Grabowsky attaches great importance to strengthening people’s awareness. During workshops, we like to use incidents from an organisation’s own practice in order to create the awareness that we are not taking these steps for nothing.
‘Trusted Access Delivered’
Organisations want to be reliable online, which is precisely why their IAM needs to be right. No organization wants to be in the News because of a data leak. It is therefore important that everyone who wants access to an organization uses the same front door. The ‘doorman’ decides who gets access and to what information. The ‘doorman’ must be well briefed and recognize the people. We are talking about Identity Assurance, Access Assurance and Activity Assurance. And where the technology operates doesn’t matter. The step to the cloud is now a logical one for most organisations. Some organisations keep their systems on premise, for example in the critical infrastructure. Other companies want to safeguard what they have built up, but want to outsource maintenance and development. We are happy to help those customers with our Managed Services.