An IAM strategy should define the effective, controlled and flexible connections between users and data that lie at the heart of any successful, growing business. This applies regardless of whether it concerns employees and data access from within a corporate domain or if it applies to how your external customers access the applications and data your business provides to them online.
There are five main factors underpinning the need for an Identity and Access Management strategy:
The EU Data Protection Regulations, Safe Harbour and other legal regulations are requiring businesses to be able to show effective data governance policies and capabilities are in place. For European businesses, the 28th of May, 2018 is when the regulations came into force. By then, if you haven’t defined your data access policies, have the means to enforce them accurately and also have the capability to produce a verifiable audit trail, your business could be in trouble.
The flexible provisioning and de-provisioning of employees and subcontractors, defining access policies to data, and multiple technical systems working in concert create the platform on which a business can grow. If this platform isn’t in place, a vast amount of internal resources are spent managing users, ensuring they can access the applications and data they need to do their work.
Doing business online is creating an increasing need to prevent unauthorized access to customer data, whether by employees or any third party, preserving hard-won customer trust. Sony, Talk Talk, Apple and a host of others have all learned to their cost that insecure online systems can be pretty easily exposed and this insecurity has a direct cost in terms of customer trust, lost revenue and share price drops.
Outdated and inflexible Identity and Access Management systems mean reduced employee efficiency, more time plugging holes in an exposed system and greater time spent guarding rather than using data, all of which drive up cost. Any employee who is waiting for a password reset or can’t access the 3rd party SaaS app they need to is an idle member of your team who is still costing the business money.
Online services we use in our personal lives are influencing our expectations of the tools we want to use in our professional lives. For example, when you log into your personal Google Account, you get access to all of Google’s applications. The user interface is, for the most part, clear and intuitive and the product suite from Google is easy to understand and access. Other consumer-oriented services such as Spotify, Apple, Facebook and LinkedIn are also all creating certain expectations in regard to how any online application should look and perform.
Businesses have to adapt to meet these changing customer expectations as well. If your business has any type of customer account to which a customer has to register, you need to be thinking about what your customer is expecting to use and this sits at the heart of your Customer Identity and Access Management strategy.
Delivering an effective Identity and Access Management strategy has become a strategic imperative for all businesses operating online.