October 18, 2016 By Patricia Diaz 2 min read

Everyone within an organization understands the need for basic authentication, if only for ensuring email accounts and laptops are being used by the appropriate people. But not everyone outside (or even inside) of IT sees the importance of allocating resources to identity and access management (IAM) as a standalone authority.

As a matter of fact, one of the top five IAM issues to be addressed at this year’s Gartner IAM Summit highlights just this problem. “IAM leaders struggle with getting their organizations to recognize that IAM is a distinct discipline that requires focus and commitment,” the program said.

Three Reasons to Prioritize IAM and Authentication

As such, below are three reasons why IAM, and specifically authentication, is an area that your organization not only needs to but should also want to develop.

1. All Data Breaches Are an Identity Problem

What is a data breach other than an unauthorized user accessing sensitive information? By definition, a data breach is an IAM issue, and many organizations fail to recognize that this important discipline could have the single most significant impact on reducing data breach risk. According to Verizon’s “2016 Data Breach Investigations Report,” weak, default or stolen passwords account for 63 percent of confirmed data breaches.

Furthermore, with the average cost of a data breach amounting to $4 million and growing, establishing strong protection against data breach risk is an organizationwide issue, not just an IT matter. Costs associated with data breaches continue to climb, in part due to the fact that the costs of lost business and detection are growing and churn rates have increased by 2.9 percent. As these costs increase, there is no better time than today to build up a stronger defense.

2. Security Threats Often Come From Within

Keep your enemies close and your friends closer. When it comes to securing the strongest trade secrets, upcoming launches, new offers and other sensitive data, it is easy to immediately identify the enemy looking to steal this information as a competitor or the like. But IBM’s “2016 Cyber Security Intelligence Index” reported that 60 percent of attacks were caused by insiders.

Be it knowingly, inadvertently or otherwise, insiders such as employees and third-party business partners are placing sensitive information at risk for malicious individuals to capitalize on. Therefore, it is more important than ever to ensure your authentication process is strong and continuous throughout a user session.

Why now? The number of attacks carried out by insiders has been on the rise: Whereas insiders were responsible for 55 percent of attacks in 2014, that figure bumped up to 60 percent in 2015. With no signs of slowing down, strong IAM and authentication could not be more timely.

3. With Bigger Business Comes Bigger Responsibilities

More users, more applications, more business processes. In an increasingly and already heavily digital world, IAM directly supports the growth and continuity of a business.

Sure, it is unrealistic to say that IAM enables all business growth. However, the processes of onboarding an employee, setting up a secure mobile application to interact with customers or other operations would be unsustainable if not for an IAM platform to correctly authenticate and authorize each user.

Maintaining quick and easy business support for customers and employees alike can help sustain customer satisfaction as well as the quality of future interactions with your enterprise. As Gartner noted, “IAM leaders must develop a vision and road map, build the business case and communicate architectural requirements as well as the tools needed to successfully build their IAM programs.”

More from Identity & Access

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today