Authored by Robin Cohan, Offering Manager, IBM Security Identity Management.

Many of today’s identity management environments were implemented many years ago, when the approach to identity management was quite different. Back then, identity management was seen as more of an IT productivity tool — used to automate account life cycle operations and provide self-service password management — than a security solution.

The Evolution of Identity Management

Back then, the goal was to ensure users had the right access to data and applications in a timely manner. Cumbersome, manual administration of user privileges led to expensive IT overhead and a system that didn’t keep up with the organization’s business needs. Identity management products were focused on IT administrator users with the goal of increased productivity, including extensive use of scripting for bulk data activities. It was assumed that the users of the solutions were technologically savvy.

Now, many of those deployments, which were built on older architectures and use product versions that may be out-of-support or based on discontinued offerings, are decaying. These systems expose organizations to security threats and need to be updated.

Furthermore, identity management as a discipline has evolved greatly. Over the years, the purpose of identity management solutions has expanded. Outdated or inappropriate access rights contribute to security and compliance issues, and compliance regulations have grown more strict over the years, as well. Organizations need stringent identity and access controls if they hope to improve security and avoid regulatory sanctions.

Using Identity Tools Today

So identity management has expanded in importance, becoming a front-line tool to address enterprise access governance and compliance requirements. Tools can trace and explain user entitlements and ensure regular review and re-approval of them. Furthermore, with the large number of recently publicized identity data breaches, identity management has also become the new perimeter for securing applications against unapproved use.

Identity management enables lines of business to take an agile approach to securely providing state-of-the-art applications not just to their employees, but also to partners and customers. Beyond the traditional IT user community, often privileged access rights must be extended to external IT contractors, which presents its own set of challenges. To further complicate matters, managed applications may exist either on-premises or in the cloud.

What hasn’t changed is the ongoing need for collaboration between IT and the lines of business on the setup and review of user entitlements. Identity management today needs to address several constituent needs: IT productivity, corporate governance, end user enablement and business application agility. Yet it is often still a challenge for organizations to engage line-of-business managers in order to ensure their identity management processes, policies and architectures meet the business and security needs of the organization.

Given these trends, many organizations need to take a fresh look at their identity management deployments with an eye toward making a clean start. This means not just replacing the aging infrastructure, but also taking the opportunity to streamline policies and processes to improve their effectiveness.

More from Identity & Access

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today