Recession Makes IAM More Important Than Ever
- 18 February, 2009 08:58
Any economic downturn brings new risks to your organization. Nervous employees who fear downsizing may be tempted to gain unauthorized access to sensitive information stored across applications while temporary workers are less loyal and identity verification processes for full-time employees may not be used, making your organization more susceptible.
For this reason, identity and access management (IAM) remains a top priority for security professionals. In Forrester's "The State of Enterprise IT Security: 2008 to 2009," 82 percent of security decision-makers reported that IAM would be an important or very important issue for their IT security organization in the coming year. Forrester predicts that the IAM market will grow from nearly US$2.6 billion in 2006 to more than $12.3 billion in 2014.
Security is an issue with temporary employees because although they offer a lower-cost workforce option as they are hired and fired much more easily than permanent employees, they also bring increased risks. They lack the loyalty that permanent employees feel toward the company and may be less inclined to recognize and report inappropriate activities but they need the same thorough vetting and training as permanent employees. And, because their turnover rate is much higher than that of normal employees, temporary workers need to be provisioned and de-provisioned more often, quickly and cost effectively in large numbers.
Current employees are also a security risk as they may be nervous for the future of their position within a company. Nervous employees are often tempted to mine, steal, or destroy critical information. Monitoring and reporting access to applications and data is critical, especially when employees are at risk of leaving the organization -- voluntarily, for performance reasons, or when layoffs occur.
IAM has solutions for these problems: centralized access management for monitoring and enforcing policies for application access; advances in role-based access control to provide temporary workers with timely access and to deactivate them quickly, uniformly, and securely. Growing support for SaaS applications using federated user account provisioning and hosted IAM provider services adds incremental gains in IAM for many organizations.
Centralized access management increases security and reduces costs. Access management solutions govern centralized access to applications and data. Many of these solutions also integrate with non-Web solutions like desktop, phone, and interactive voice response (IVR), providing tight controls over who can access what data. Recent developments in adaptive and risk-based authentication allow you to put even more granular policy definition around the context of the access.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Implementing A Security Analytics Architecture
According to the 2012 Verizon Data Breach Investigations report, 99% of breaches led to data compromise within “days” or less, whereas 85% of breaches took “weeks” or more to discover. This presents a significant challenge to security teams as it grants attackers extended periods of time within a victim’s environment. More “free time” leads to more stolen data and more digital damage. Principally, this is because today’s security measures aren’t designed to counter today’s more advanced threats. Read on.
New Demands for Real-time Threat Management
Many organisations are evaluating a new security model based upon IT risk management best practices. This is a good idea, but not enough for today’s dynamic and malevolent threat landscape. To keep up with IT changes and external threats, large organisations need to embrace two new security practices: real-time risk management for day-to-day security adjustments and real-time threat management to detect and remediate sophisticated, stealthy, and damaging security breaches (i.e., advanced persistent threats, or APTs). Learn more.
Mobile Load - Performance Testing for Mobile Applications
Key mobile trends and analysis on how performance testers must change their testing methodologies to ensure they are accounting for the changes caused by mobile usage. Download today.