Cloud, BYOD Increases Need for Automated IAM Systems

By Thor Olavsrud, CIO
May 12, 2012 09:35 AM ET

CIO - Increased adoption of cloud services, combined with the BYOD (Bring Your Own Device) phenomenon, is causing identities and access rights to proliferate throughout the enterprise, putting ever-greater stress on organizations to go beyond perimeter defenses to secure access to sensitive information.

According to a survey conducted by Symantec and the Cloud Security Alliance at the CSA Summit this past winter, 90 percent of organizations consider control of who can access which cloud applications to be one of the most important factors affecting cloud adoption.

It's also a complicated and potentially costly factor.

For instance, imagine an organization that uses Salesforce for its CRM and also allows employee access to Salesforce through personal mobile devices. If an employee leaves the organization, IT must deprovision the employee's network access. But it must also shut down Salesforce access rights, or else the former employee will continue to have access to valuable customer information. For many organizations, that's still a largely time-intensive and manual process.

As more and more resources and data move to the cloud, where they can be accessed by devices of all sorts, the traditional concept of security via protecting the perimeter and end-points begins to break down. The perimeter is no longer a sharp line; it is a much fuzzier concept. This is breeding new attention for identity and access management (IAM) systems that focus on identity lifecycles and access controls.

As Chris Zannetos, CEO of IAM specialist Courion, puts it, the goal of IAM solutions is to "ensure that the right people have access to the right resources, and that they are doing the right things with that access."

IAM Based on Manual Processes Becomes Impossible in Large Organizations

The larger the organization, the more unwieldy a manual approach becomes. Courion COO Dave Fowler points to one client, a financial institution with key financial assets it must protect, with 30,000 employees and about 1,000 applications to support.

"When you multiply out the number of employees, times the number of identities they have, times the access rights they have within those applications, and you look at the number of connections that creates, it's hundreds of millions of relationships," he says. "You can't possibly monitor that through a manual process on a daily basis."

Provisioning access rights can be just as challenging as deprovisioning them, Fowler says.

"When I start up a new employee, if I can't automate the process of bringing him onboard, then I lose valuable employee time," he says. "If it takes five or six days, that's five or six days of lost time." That's not just an efficiency issue. It can have severe consequences for security and compliance as well, Fowler says.

For instance, in healthcare, hospitals can bring on hundreds of new residents in a one-week period. "If they can't get provisioned to the things they need access to in order to do their work, what do they do?" Fowler asks. "They end up working around the system. Doctors give their system access information to residents, just so they can get their work done."
