|
Most companies first encounter with an IAM solution arose from the desire to satisfy two very basic business needs—improving security and saving money.
As businesses began to turn to automation in an effort to get faster, cheaper and better results, the need to secure transactions became more important. At its simplest, all data driven processes need to be protected, and the more cost effectively a company can do that, the better off they are.
Consider, as an example, the Department of Welfare for one of the larger industrial states in the U.S. In early 2002, they were running into problems as their automated claims functions were becoming very difficult to navigate. For the system to properly pay claims, some 60 partners required access to data and applications stored in as many as 300 discrete, secure silos—each with its own user account and access policy—throughout the organization’s IT infrastructure. The system was time consuming, costly and inefficient to use and support.
Building appropriate security into each application, managing access rights in a rapidly changing department, and supporting users who couldn’t always recall multiple passwords and procedures, made poor use of an already taxed IT department’s fiscal and intellectual resources. Moreover, it was also making it extremely difficult to follow security policies that had been put in place to protect sensitive personal data.
The IT department initially deployed an IAM solution within one of the applications that provided services for approximately 10,000 contractors and employees located in various offices throughout the state. That number has since grown to include more than 25 applications regularly accessed by more than 35,000 users, including employees, business partners and the public at large, making a solid IAM solution even more important.
The benefits of such an IAM implementation are easily quantifiable: dramatically reduced IT overhead as accounts are created and maintained in a centralized fashion, and improved security as the potential loopholes created by multiple accounts are closed.
In this particular example, an interesting thing happened on the way to saving time and money. While initially looking at IAM as a way to better deploy their resources, two other significant benefits were realized. By simplifying the access process, they saw a dramatic increase in end user and client satisfaction. By tightening security loopholes the Department of Welfare began to better prepare itself to meet increasing compliance issues surrounding client privacy, data integrity and security, and reimbursement documentation. They also took an important step in the direction of using IAM as a risk management tool.
IT user management processes, simplifies auditing and reporting, helps achieve operational efficiencies, assists in regulatory compliance and helps ensure uninterrupted business operations.
The Rise of Risk Management
The more integrated IAM becomes in everyday business functions, the more IT evolves from dealing with machines to dealing with people. Throughout history, the biggest risk with all manner of security has been the people, not the equipment. Just ask the citizens of Troy. Their walls were high enough and their gates were plenty strong. Bad decisions by well-meaning people led to bad results.
In our modern world, people and their behavior still pose the greatest threats to the security and integrity of all kinds of data. It’s no longer just enough to manage access. IT departments are increasingly being asked to document the digital activities of everyone who makes contact with data or applications. In addition, requests to both manage and document access to data are coming fast and furious from a number of different sources both within and outside of an organization.
Internally, pressure to remain compliant starts from the top. The Board of Directors and Corporate Counsel are looking to minimize risk and exposure. High-profile security breaches have cost corporations dearly, both on a fiscal level and with their brand reputation. These events have left everyone scurrying to make sure they are covered. Once it was determined that the cost of compliance is less than the cost of potential exposure, the CIO found himself, or herself, in the risk management business.
The finance department gets into the act as CFOs and their reports look to documentation as a tool to help improve utilization, track ROI and measure organizational efficiency.
|
