The introduction of the “internet of things” into our world has added billions and billions of new mobile devices. And with the addition of all these new digital identities, businesses are being forced to move away from just managing security via firewalls and simple “yes or no” rules to introducing full-blown identity and access management, or “IAM.”
The simplified definition of IAM boils down to two main concepts:
- Identity: Is the person, device, or thing that is trying to access your corporate website actually who and what they say they are? Or are they an imposter?
- Access: Does this person, device, or thing have the correct permissions to access your internal network, your email server, your CRM, or your website? Historically, a successful login to your system would allow you nearly unfettered access to the network; but, today, we’re ensuring that the right people have access to the right data, from the right devices, from the right places, at the right times.
In the past, identity and access management was analogous to physically blocking the wrong people from investigating sensitive information in, let’s say, a file cabinet in your manager’s office. But today, with digital networks and filing systems that spread far beyond the constraints of a physical location, businesses are installing IAM software to do part of the job that a sharp-eyed admin once did.
No Longer a Security Add-On
With businesses beginning to house a significant portion of their data in the cloud, the problem of hackers, bots, nation-state attacks, malcontents, and perhaps unwitting employees are problems that must be addressed… and quickly! It is rapidly becoming obvious that IAM is a key security program to invest in, because everyone has become a target. And it’s not just businesses that are at risk. You and your family are at risk, too. Cybercriminals are getting shrewder, data networks are getting more complex, and the world is becoming a dicey place without effective IAM.
The rise of IoT is also changing the way we look at IAM. Saniye Burcu Alaybeyi, research director at Gartner strongly believes that “IAM will soon become, if not already, an integral part of each and every IoT solution.” In fact, more than 20 billion IoT devices will be in use worldwide by 2020, according to Gartner.
Going Beyond Contextual Signals
To manage and protect all of this data, IAM is evolving to control not only employees, but also customers, mobile devices and any “things” connected to a business’s network. As a result, IAM systems are now incorporating contextual “signals” to determine someone’s identity – a username and password are no longer good enough. This system gathers additional information, such as time of day, login location, operating system, browser, IP address, and much more to create a well-rounded profile or “fingerprint” of the person, device, or thing trying to access a network. So, if anything suspicious crops up in the access attempt that doesn’t match the employee’s contextual signals, then the IAM system quickly identifies the problem, isolates the device/user, restricts access, and stops the danger/infiltration.
Top 5 IAM Trends
While contextual signals are great for determining someone’s identity, this functionality is now opening five new areas of interest around identity and access management:
- Passwords are passé.
IAM can make access to a network more convenient by removing the barrier of a password and replacing it with the ability to recognize the user’s location of the login and determine whether they are approved to use a corporate device. This can also be more secure by NOT allowing access if a device is outside an approved area. For example, a doctor’s tablet can be denied access to records if they’re not physically in the hospital.
- Digital experiences are tailored to you.
Businesses can customize their network authentication process however they want, such as audience, employee, consumer, geography, browser, device, etc. Some places do this now, allowing you to see different pages/prices based on your location and device.
- Lack of knowledge about data privacy is a thing of the past.
Consumers want more visibility into what a business knows about them, what they are doing with their data, and who they are sharing it with. IAM makes it easy for businesses to quickly locate and share this information with the consumer and provide audit records where necessary – consider the ramifications of GDPR (General Data Protection Regulation) in the European Union.
- Day-to-day operations can be more efficient.
IAM can provide businesses with data for a lot of different uses, such as customer profiling, performance data, sales results, etc. This vital information can provide a competitive edge and drive loyalty and revenue – basically improving a business’s overall business model. Additionally, internal onboarding and role changes can be systematically provisioned via IAM. For example, when users move internally, access is automatically granted/denied based on role, location, and time of day, if necessary.
- Automated contextual awareness is the way of the future.
Simple usernames and passwords are no match for context-aware IAM, which is inherently more secure. Because of the profile information that it collects, an IAM system can detect non-approved devices that are attempting to gain access and then automatically shut them down to eliminate potential damage. This move to a policy-based system prevents “one-off” access lists and also allows for far greater granularity and scale.
Helping to Serve Your Customers Better
IoT-ready platforms allow you to secure nearly any mobile device that accesses your business and data. AIM is quickly becoming more than just a security tool – it is becoming a standard part of security toolsets that will help you serve your internal and external customers better, while at the same time providing a new and exciting way for you to grow your business.
Let Arrow help you start planning for the future with our IoT and Identity and Access Management solutions.
Contact Davitt Potter at firstname.lastname@example.org for more information.
Last modified: May 3, 2019