Aberdeen recently released a report documenting the trend toward businesses adopting a more platform-centric view of Identity and Access Management, noting that companies can save up to 48% by deploying solutions that are part of an integrated platform vs. deploying and integrating point solutions from different vendors. Get a copy on our website.
Security Is About Latency
In Identity Management, security is a question of how quickly we can adapt and change. When an employee changes job roles or separates from the company, the latency of changing the employee's access to applications is the window of risk exposure. If a hacker is attacking your system, the latency of detecting the hacker and preventing the attack is the window of risk.
Analogy - if I go outside to pick up the mail and leave my front door open for five minutes, the chances are my TV is still in my home when I return. If I go to Aruba on vacation for a week and leave my front door open, most likely my TV is gone. The key difference is the latency. The faster I close the door when I no longer need it open or when I am no longer monitoring it, the more secure my TV will be. In Redwood City I can probably keep my door wide open for a day or more without my TV disappearing. Let's say I am in Manhattan. If I leave my door wide open for one day, I may lose my TV. The difference between Redwood City and Manhattan is the velocity and volume of the potential threats. In Manhattan I need low-latency change. In Redwood City, I can probably go a little longer without closing my door. In Manhattan there is just a larger volume of traffic that can potentially walk into my place if I leave the door open.
To connect the analogy, organizations today are providing more remote access to partners, customers and employees. At the same time the volume of applications has risen. The business enterprise is now living in Manhattan and leaving lots of doors open. The processes to change access control via help desks, determine the appropriate level of access, enforce separation of duties and monitor user behavior are not integrated enough to keep up with the velocity of the threats. Here are a few examples:
- Employee Job Change - Organizations use ticketing systems to have user access changed. The reality is that the help desk is taking these requests by the thousands and it takes days or weeks to make access control changes.
- Employee Separation - Organizations depend on application administrators to remove dormant accounts and reconcile which users are no longer with the company before terminating access. The reality is that there are thousands of accounts and the application administrators do not have a way to truly certify a user's access or account.
- Remediating Employee Certification Reviews - Organizations depend on managers to certify their employees' access without providing the context information necessary for managers to make the right decision. The reality is that many managers are blindly certifying user access because the task of verifying user access is too cumbersome.
Bottom Line: Quicker access change control for portal applications and better prevention of separation of duties (SOD) conflicts in ERP systems make the enterprise a safer place.
We have to reduce the latency of access change as the velocity of the threat increases. An integrated platform minimizes the latency of change across all applications so enterprises can adapt to the velocity of threats.
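Measuring the window for the employee separation case above, as an added example (not from the original post): it joins an HR separation feed to per-application account exports and reports how long each account stayed usable after its owner left. The record layouts, names and dates are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Constructed sample data (assumed layouts, not from the original post).
# HR feed: employee id -> separation time.
HR_SEPARATIONS = {
    "e1001": datetime(2024, 3, 1, tzinfo=UTC),
    "e1002": datetime(2024, 3, 10, tzinfo=UTC),
}
# Account export: (application, account, owner id, disabled_at or None if enabled).
ACCOUNTS = [
    ("erp", "jdoe", "e1001", datetime(2024, 3, 1, 4, tzinfo=UTC)),
    ("portal", "jdoe", "e1001", datetime(2024, 3, 15, tzinfo=UTC)),
    ("crm", "asmith", "e1002", None),
    ("erp", "bwong", "e2001", None),     # owner is a current employee
    ("portal", "svc-old", None, None),   # no owner on record
]
NOW = datetime(2024, 3, 20, tzinfo=UTC)  # constructed "as of" time for the report

def exposure_report(separations, accounts, now):
    """Return (findings, unowned): post-separation exposure per account,
    longest first, plus accounts that cannot be tied to any employee."""
    findings, unowned = [], []
    for app, account, owner, disabled_at in accounts:
        if owner is None:
            unowned.append((app, account))   # cannot be certified at all
            continue
        left = separations.get(owner)
        if left is None:
            continue                         # owner still employed
        still_open = disabled_at is None
        closed = now if still_open else disabled_at
        # An account disabled before the separation date has no exposure.
        window = max(closed - left, timedelta(0))
        findings.append({
            "app": app, "account": account, "owner": owner,
            "still_open": still_open,
            "exposure_hours": window.total_seconds() / 3600,
        })
    findings.sort(key=lambda f: f["exposure_hours"], reverse=True)
    return findings, unowned

if __name__ == "__main__":
    report, orphans = exposure_report(HR_SEPARATIONS, ACCOUNTS, NOW)
    for f in report:
        state = "STILL ENABLED" if f["still_open"] else "closed"
        print(f"{f['app']}/{f['account']}: {f['exposure_hours']:.0f}h ({state})")
    print("no owner on record:", orphans)
```

Tracking the longest and still-open windows per application shows where access change lags furthest behind HR events.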