Identity and Access Management: The key to build a secure and flexible workplace

BANGALORE, INDIA: As the evolving workplace continues to embrace new technologies and trends, it keeps IT departments on their toes to keep the corporate information secure also. First we saw people ditching their good old desktops for laptops and mobiles. The evolution continues to happen at a more rapid pace than ever with the consumerization of IT , as users find an easy access to mobile and cloud-based apps; not to mention the growing popularity of Bring your own Identity culture among enterprises.

But it is also important for the organizations to understand who is accessing what, to prevent the data from being misused. Baha Masoud, Vice President Global Engineering at NetIQ, during his visit to India, explained how IT departments can leverage the Identity and Access Management (IAM) solutions to do the most difficult balancing act of protecting business while the users get to do what they want.

CIOL: Is consumerization of IT a threat for businesses from the security standpoint? How challenging is it for the IT to accommodate the change?

Baha Masoud: Consumerization of IT has become a challenge for the IT, because they are not being able to catch up fast and adapt themselves to this change. But it also presents an opportunity for them to reinvent themselves as business enabler by simplifying the processes to allow greater flexibility for the users to manage their workloads, without much intervention from the security people.

Business leaders also need to change their gate keeping mindsets to unlock the real value of it. In the wake of several high-profile data breaches, we often see CXOs coming down hard on the security people and make them restrict the user activity in such a way that it starts affecting the regular work. Therefore, it is very important to do your risk tolerance in a sustainable way so that you let people work efficiently.

CIOL: Making organizations prioritize the investment in security solutions can be very difficult for the security vendors, unless they see a clear value in them. How do you handle this challenge?

BM: The CIOs or CISOs are in the need of solutions that solve the existing problem quickly within their budgets and does this all without increasing the burden on their existing resources. But before they decide to implement anything, they also need to be aware of few things.

First, they need to think that whether the products they are buying are addressing their pain points or not. The solution sellers often come to you with a set of solutions and talks more on how they can help you with your future requirements three or four years down the line, and less on how they address your current problems. Second, the organizations often end up spending excess amounts on getting the features they don't need, not because they might need the features in future, but for the reason that they are just getting them along with the solutions they buy.

Instead, we go to organizations and help them to identify the problems that they need us to resolve first. We help them with the solutions they require at just the one-tenth cost of what the other solutions vendors are offering and show them the results within the specified time. Then we advise them on how they can make themselves future-proof from a few issues that might crop up as the organizations grow. Putting a dollar value on the benefits will also help businesses to understand the ROI better.

CIOL: Which are some of the basic issues faced by the Indian organizations today in terms of identity and access controls and how are you helping them to address those issues?

BM: Organizations in India often maintain a larger workforce than their global counterparts. Most of the time, organizations prefer to manage their identity and access policies on excel sheets. This might have worked so far for organizations with smaller workforce. But not anymore. The problem starts when they starts hiring thousands of people.

There are few Identity and Access Management challenges that people are facing in almost all the organization and we are trying to solve these problems in simpler ways, so that provisioning access as well as reviewing and revoking them becomes a cakewalk for the IT.

For example, maintaining appropriate user permissions and access can be a time-consuming activity in large organizations. Systems administrators often spend hours creating, modifying and removing credentials. Implementing an automated solution with approval capabilities can reduce the burden on administrators. It can also help you manage the Active Directory environment efficiently by eliminating the unnecessary access as well as reducing the number of users with full administrative privileges.

Password-related issues are another arduous thing that organizations face day in, day out as they continue to rely on your employees to remember a set of user names and passwords for doing things securely. This becomes even more complicated as the employees might need to access multiple applications to do their work. In this scenario, a single sign-on solutions can help the organizations streamline access to a wide range of applications and Web sites, while the self-servicing password reset solutions can reduce the number of calls to the help desk for password resets and account unlocks.

It is important to educate the users about the benefits so that they comply with good corporate governance.

CIOL: Does this help you to change the organizations' perception about Identity and Access Management?

BM: The solutions I spoke earlier, they all are low hanging fruits because businesses can see the value pretty quick. We will continue to build on that momentum and try to bring in same value in other area of concerns without adding any extra cost burden or resources. Also a few things which I feel customers in India will ask frequently from the IAM solutions vendors are the multi-vendor integration and ease of doing things.

The India market dynamics is merger and acquisition heavy now. Bringing two disparate businesses together can be critical for the companies, specially if they want all the users on board to access the key business systems from the day one. On top of that, there are the rampant BYOD culture in the workplaces and increasing dependency of businesses in cloud-based services. The increasing cost pressure will also make companies to look into the options of switching cloud providers. All these will create a humongous amount of integration and migration challenges for the businesses operating in multi-vendor environments. We see businesses will start trusting us more to make these processes convenient without compromising the security and productivity.