These days most organizations know they need an identity and access management (IAM) solution as part of their broader cybersecurity program; what they may not know is how to make the most of their investment.
On this episode of the SecurityIntelligence podcast, Dustin Hoff, IBM Security partner and global head of IAM Services, and Bert Vanspauwen, IAM competency leader Europe, join me for a conversation about the state of identity and access management and why design thinking is critical to delivering value-driven IAM.
Why Identity and Access Management Is Fundamental
Hoff puts it simply: IAM is now a fundamental capability, and yet two-thirds of organizations don’t have an IAM program that secures business assets, supports digital transformation and enables digital trust.
Vanspauwen is not surprised by this statistic, given the fact that limited resources often leave teams just running IAM services instead of evolving them to improve security and productivity.
Boosting Customer Engagement and Trust
“IAM is now at the core of how organizations operate,” Vanspauwen emphasizes. Yet enterprises still struggle to deliver a core IAM user experience that drives long-term value. Hoff points to challenges with single sign-on (SSO), access requests and managing user privileges. Ultimately, a frictionless user experience should be the goal of any IAM program, whether corporate or consumer-facing.
The good news is that by using experienced facilitators to bring in stakeholders and uncover real pain points, it’s possible to design an IAM solution that’s focused on user needs. Improving adoption, meanwhile, starts with explaining requirements in plain language that users can understand and providing the training they need to maximize the use of IAM tools.
According to Hoff, IAM solutions that fail to meet user expectations will never satisfy service-level agreement (SLA) requirements. Boosting employee engagement and cybersecurity means first diagnosing the root cause of issues, then capturing the right performance metrics. This allows organizations to leverage IAM as a business capability rather than a collection of tools. For Vanspauwen, this leads to a split in IAM focus: While business analytics are critical for IT teams and C-suites, customers are focused on how their data is protected. Particularly in light of new privacy regulations like Europe’s General Data Protection Regulation (GDPR), companies must clearly define how they will use, store and protect data to boost consumer trust.
Improve IAM Cybersecurity With Access by Design
IBM’s Transform and Run program was built from the ground up to boost IAM cybersecurity. IBM teams identify underlying problems, then design a plan to transform capabilities and meet SLA needs. By running IAM as a managed service, enterprises benefit from continuous improvement.
When it comes to IAM, technology isn’t the problem — it’s how enterprises use that technology to deliver their solutions. Design capabilities combined with Transform and Run solutions can help deliver user-focused access by design.
If you enjoyed listening, don’t forget to subscribe so you never miss a new episode. Please also consider rating the podcast or leaving your feedback on iTunes or wherever you listen.