IAM deals with one of the biggest threats: your own staff
People come and go. Are you sure that your ex-employees do not have access when they leave employment? Have their access rights really been revoked for all systems? Have their private accounts been disconnected from the corporate Dropbox and Drive?
Most IT managers and CSSOs are generally focused on fighting external threats: hackers, cybercriminals, ransomware spreaders. But time and again research shows that security problems typically start inhouse: your own employees. Negligence, lack of discipline, inappropriate curiosity and sometimes pure malice lead to them having access to applications and information that is not meant for them. Bringing with it risks of leakage, manipulation and sabotage.
Good Identity and Access Management (IAM) determines who the users are, what they can access and what access rights they subsequently have. ‘Can this person log in to our CRM system from this location with this laptop at this time and print client information?’ Possibly not, but they can do so during office hours from their desks. These types of questions can be tackled by implementing good IAM tools. That is no sinecure in today’s highly dynamic, mobile and connected business world.
IAM has three factors that need to be tackled together: policy, tooling and behaviour. IAM starts with setting up a good policy that looks at people, roles, applications, data, rules and risks from a risk management perspective. Your system administrators and client-facing employees have different authentication rules. That also applies to access rights. Once developed, the policy must be managed and enforced. Enforcement can largely be automated (‘Computer says No’) but also requires supervision of human behaviour (‘Do not let your colleague use your password’). And finally, good, user-friendly tooling is required to support the IAM policy.
Kahuna specialises in setting up and implementing IAM policies, selecting, implementing and managing the most effective tools, and helping to bring about behavioural change for management and employees.
Would you like to know more about Identity and Access Management ? Our account managers will be happy to help you!