The digital transformation shows that the proverbial moat is no longer sufficient. Additional measures are necessary to ensure that the right person has access to the right data at the right moment. This involves an integral approach of people, process & technology.
Identity is the only constant factor in this continually changing context, and it is therefore the driving force behind security management. This is why we speak about Identity Driven Security, instead of Identity & Access Management (IAM).
Identity Driven Security, a special challenge.
IAM is a catch-all term in the market. It is discussed by the Board of Directors, but also by the system administrators who work with IAM on a daily basis. People approach IAM using their own vocabulary, which creates a need for cooperation and communication. A special challenge.
IAM is not an end in itself.
In the early years, IAM was mainly used to increase efficiency in the IT department. As from 2002, following the Sarbanes-Oxley Act (SOx) and additional rules derived from SOx, IAM was increasingly used for compliance purposes as well. Suddenly, a CFO could be held personally liable for the authorization management of the whole company. During the past years, the focus has shifted to reputation protection and risk management. In a world where cloud storage and mobile devices are widely used, the risks are becoming increasingly complex and more difficult to detect year after year. Take, for instance, big data leaks, abuse by internal staff or attacks aimed at stealing intellectual property.
We understand that IAM is not an end in itself, but that it should provide solutions for business concerns with regard to cybersecurity.
This is not only about technology, but also about taking the right measures to prevent identified risks. Of course, technology forms the core of these measures, but the technology will only achieve its purpose if the people involved are engaged in the process, and the procedures have been optimized. It is therefore that people, process & technology, specifically in that order, are the key to success.
Customer question: ‘How can I gain a better insight in risks and be prepared for them?’
Achieving a complete understanding of customer needs is not easy. In most organizations, staff with the right IAM knowledge and experience is in short supply. Nowadays, some organizations still try to develop and retain the necessary knowledge in-house, but this is only feasible for a few very large corporations. Our services are developing more and more into Managed Services and cloud-based services, where the specific IAM knowledge is no longer managed by the customer.
It is our pleasure to provide insight in your organization’s business risks and motives with our business consultancy services.
Unfortunately, numerous organizations – especially health care institutions and public bodies – are not optimally prepared for effective risk management. Because many organizations decided to maintain their own processes for the past twenty years, a lot of systems were custom-made, which resulted in solutions that are no longer attuned to the current risks and motives. For that reason, it is important that organizations start reviewing their processes, responsibilities and the quality of their data. This creates enormous challenges, but an integrated approach of people, process & technology is a prerequisite for making a transition to the cloud.
Grabowsky greatly values enhancing people’s awareness.
During training workshops, we like to look at incidents that occurred in practice, in order to create awareness that there is a reason for taking those very important steps. People must be informed about the options they have to protect their information.
‘Trusted Access Delivered’
Organizations want to be reliable partners online, and for that reason their IAM must be up to date. No organization wants to appear in the news because of a data leak. For that reason, it is important that all people who want access to an organization use the same front door. One central front door, where a ‘doorman’ decides who is granted access and to which information. This ‘doorman’ should be well-briefed and be able to recognize the people concerned. This is what Identity Assurance, Access Assurance and Activity Assurance are all about.
Whereas technology used to be kept on premise in the early days, most organizations have decided to take the next logical step – to the cloud. However, some organizations like to keep their technology on premise, for example in the critical infrastructure sector. Other companies want to keep what they have developed but choose to outsource their maintenance and development. Grabowsky always offers customers the right portfolio of products and services for their needs.