|
For those charged with selecting all or part of their organization’s identity and access management (IAM) solution, making the right decision may seem daunting. A comprehensive solution has many intertwined elements. New technologies and new threats are continually introduced. The information you’re faced with is complex.
This document provides a concise and comprehensive guide to helping you determine what’s most important in selecting an IAM solution. The first section briefly describes the current identity and access management landscape, and offers a high-level overview of the major elements of a comprehensive IAM solution. The second section, the IAM Solution Evaluation Matrix, contains a listing of the elements that CA’s experience has demonstrated as the most essential to a thorough IAM system. This matrix can be used as a tool for evaluating potential solutions.
Whether you are beginning to implement a broad IAM solution, or solving an immediate point problem, remember that a true commitment to IAM will rarely be a “one-shot deal.” Your organization will be adopting a new way of life that permeates your extended enterprise—a new way of life that will provide improved productivity, security, user satisfaction and ability to meet compliance and regulatory requirements.
The Growing Importance of Identity and Access Management
A confluence of business, regulatory and technology drivers is prompting many organizations to take a new look at how they support their user communities and secure their data and applications—all while keeping costs under control and continuously striving to stay ahead of the competition. Today’s organizations are also rejecting the “quick fix” approach to security which solves today’s problem, but leaves them handcuffed as their needs evolve. Instead, organizations are exploring how a sound, long-term information security strategy can not only support how and where people work, but also can provide a foundation that contributes to their overall goals. In today’s increasingly complex, fast-paced and interconnected world, this can be a major challenge—one that your organization is likely grappling with.
What factors are compelling this heightened interest in IAM?
- The explosion in the numbers and types of supported applications and user communities, inside and outside an organization’s boundaries: employees, customers, partners, vendors, regulators and auditors.
- High user expectations: quick and easy access to the information they need—when, how and where they need it.
- Worldwide growth in the number of regulatory mandate, compliance programs and quality initiatives.
- Rapid expansion of the technology and business ecosystem—the “exponential Internet” of Service-Oriented Architecture (SOA), Software as a Service (SaaS), Web 2.0 and ID 2.0.
Overlaying these drivers is the unrelenting negative publicity associated with any security breach, identity theft, data leakage or privacy violation. No CEO wants to find that their organization has made headline news because account information has been stolen or inappropriately exposed, or that a laptop containing confidential information has gone astray. The old adage that “there’s no such thing as bad publicity” just isn’t true. Identity and access problems are costly—not just in terms of real dollar losses, but because these problems undermine employee, customer and shareholder confidence in an organization.
Dealing with these new applications, users, mandates and fears falls to IT—great responsibility coupled with constant pressure to do more with less. A few of the “do more” pressures you’re facing:
- More help desk calls, often to handle minor requests stemming from password confusion. (What’s my login for this application? Is it my mainframe password that’s 16 characters, or my network password?)
- More in the moment, improvised requests for access privileges. With this comes a greater need to ensure that only appropriate privileges are granted—and revoked when they’re no longer relevant.
- With so many different user constituencies being supported, many organizations have seen a growth in the number of separate, siloed systems—each with its own approach to IAM, each with its own administrative function for handling security.
The Mandate for Control
Many users. Many identities. Many applications. Many administrators. In this environment, IT organizations face both internal and external mandates to improve control over IAM policies, procedures and processes throughout the organization. Faced with these mandates, you need to implement a system that replaces piecemeal approaches with one that is more systematic and consistent across users and applications.
|
