Several years ago while I was working as an Account Manager at CA, there was an incredible interest stirring in Identity and Access Management (IAM) systems to satisfy regulatory compliance, streamline the provisioning and de-provisioning of software, simplify the end-users password experience and, to allow the end user to automate the whole password reset process if the user was locked out of a private network.
It was amazing to me how complex all of these systems are as stand alone solutions, however the greatest value and return on investment comes when all the systems were working together in unison. Can you imagine the amount planning and system modifications that have to be made to reach that level of integration? Usually there would be an immediate need for one piece of the system over another, say password reset over password synchronization, but generally there was the goal of one day implementing the whole solution.
It is obvious to me the benefits of IAM systems, and I thought surely this would be the next frontier of opportunity in the security sector. However, what has surprised me, is how the technology has not advanced much to ease the complexities of implementation to where the benefits far outweigh the cost of implementation making adoption an easy decision.
It still amazes me when I hear about friends going back to work and companies, that they had previously left, and all their ID's and application access was still there! (just like they never left). Pretty scary!
The other big area with IAM systems that really has never been addressed in a good way, is password synchronization. How many systems do we have to remember passwords for on a daily basis. As end users, are we using the same password for each system we try to access, so if one were to be stolen, the thief might have access to all systems that user had access to? This is a great security vulnerability. And what about our home systems? Think of all the applications and web access portals we use every day, and do not have any secure way to safeguard those passwords and to randomly, periodically mix them up so that if you were ever to get your ID stolen you could quickly go to one place and turn them all off.
I still think there is a great deal of improvement needed with the technology before you will see a overwhelming adoption of Identity and Access Management Systems. I do not think one vendor has taken a clear lead and has put this technology on the map to make it a must have solution set. The market is wide open and if you consider what could be done on the consumer level the opportunities abound. Take it one step further, and look at what tight integration with Network Access Control (NAC) systems could do for you.
The possibilities are endless. There are companies like StillSecure that have the vision, and are trying to get there as quickly as possible. One day it will be here, and the supplier of the technology, will be able to write their own ticket!
Have a great one!!!
Jack
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment