Modernizing Identity Management for the Next Generation
Authored by Robin Cohan, Offering Manager, IBM Security Identity Management.
Many of today’s identity management environments were implemented many years ago, when the approach to identity management was quite different. Back then, identity management was seen as more of an IT productivity tool — used to automate account life cycle operations and provide self-service password management — than a security solution.
The Evolution of Identity Management
Back then, the goal was to ensure users had the right access to data and applications in a timely manner. Cumbersome, manual administration of user privileges led to expensive IT overhead and a system that didn’t keep up with the organization’s business needs. Identity management products were focused on IT administrator users with the goal of increased productivity, including extensive use of scripting for bulk data activities. It was assumed that the users of the solutions were technologically savvy.
Now, many of those deployments, which were built on older architectures and use product versions that may be out-of-support or based on discontinued offerings, are decaying. These systems expose organizations to security threats and need to be updated.
Furthermore, identity management as a discipline has evolved greatly. Over the years, the purpose of identity management solutions has expanded. Outdated or inappropriate access rights contribute to security and compliance issues, and compliance regulations have grown more strict over the years, as well. Organizations need stringent identity and access controls if they hope to improve security and avoid regulatory sanctions.
Using Identity Tools Today
So identity management has expanded in importance, becoming a front-line tool to address enterprise access governance and compliance requirements. Tools can trace and explain user entitlements and ensure regular review and re-approval of them. Furthermore, with the large number of recently publicized identity data breaches, identity management has also become the new perimeter for securing applications against unapproved use.
Identity management enables lines of business to take an agile approach to securely providing state-of-the-art applications not just to their employees, but also to partners and customers. Beyond the traditional IT user community, often privileged access rights must be extended to external IT contractors, which presents its own set of challenges. To further complicate matters, managed applications may exist either on-premises or in the cloud.
What hasn’t changed is the ongoing need for collaboration between IT and the lines of business on the setup and review of user entitlements. Identity management today needs to address several constituent needs: IT productivity, corporate governance, end user enablement and business application agility. Yet it is often still a challenge for organizations to engage line-of-business managers in order to ensure their identity management processes, policies and architectures meet the business and security needs of the organization.
Given these trends, many organizations need to take a fresh look at their identity management deployments with an eye toward making a clean start. This means not just replacing the aging infrastructure, but also taking the opportunity to streamline policies and processes to improve their effectiveness.