Authored by Robin Cohan, Offering Manager, IBM Security Identity Management.

Many of today’s identity management environments were implemented many years ago, when the approach to identity management was quite different. Back then, identity management was seen as more of an IT productivity tool — used to automate account life cycle operations and provide self-service password management — than a security solution.

The Evolution of Identity Management

Back then, the goal was to ensure users had the right access to data and applications in a timely manner. Cumbersome, manual administration of user privileges led to expensive IT overhead and a system that didn’t keep up with the organization’s business needs. Identity management products were focused on IT administrator users with the goal of increased productivity, including extensive use of scripting for bulk data activities. It was assumed that the users of the solutions were technologically savvy.

Now, many of those deployments, which were built on older architectures and use product versions that may be out-of-support or based on discontinued offerings, are decaying. These systems expose organizations to security threats and need to be updated.

Furthermore, identity management as a discipline has evolved greatly. Over the years, the purpose of identity management solutions has expanded. Outdated or inappropriate access rights contribute to security and compliance issues, and compliance regulations have grown more strict over the years, as well. Organizations need stringent identity and access controls if they hope to improve security and avoid regulatory sanctions.

Using Identity Tools Today

So identity management has expanded in importance, becoming a front-line tool to address enterprise access governance and compliance requirements. Tools can trace and explain user entitlements and ensure regular review and re-approval of them. Furthermore, with the large number of recently publicized identity data breaches, identity management has also become the new perimeter for securing applications against unapproved use.

Identity management enables lines of business to take an agile approach to securely providing state-of-the-art applications not just to their employees, but also to partners and customers. Beyond the traditional IT user community, often privileged access rights must be extended to external IT contractors, which presents its own set of challenges. To further complicate matters, managed applications may exist either on-premises or in the cloud.

What hasn’t changed is the ongoing need for collaboration between IT and the lines of business on the setup and review of user entitlements. Identity management today needs to address several constituent needs: IT productivity, corporate governance, end user enablement and business application agility. Yet it is often still a challenge for organizations to engage line-of-business managers in order to ensure their identity management processes, policies and architectures meet the business and security needs of the organization.

Given these trends, many organizations need to take a fresh look at their identity management deployments with an eye toward making a clean start. This means not just replacing the aging infrastructure, but also taking the opportunity to streamline policies and processes to improve their effectiveness.

More from Identity & Access

CISA, NSA Issue New IAM Best Practice Guidelines

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today's world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented…

4 min read

The Importance of Accessible and Inclusive Cybersecurity

4 min read - As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations. But society is racing toward “digital by default”, which can be a hardship for individuals unable to access digital services. People depend on these digital services for essential online services, including financial, housing, welfare, healthcare and educational services. Inclusive security ensures that such services are as widely accessible as possible and provides digital protections to users…

4 min read

What’s Going On With LastPass, and is it Safe to Use?

4 min read - When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data breaches resulting from failed security measures. To make matters worse, many have viewed LastPass's response to these incidents as less than adequate. The company seemed…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

8 min read - View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

8 min read