The importance of identity and access management (IAM) has been significantly elevated due to the adoption of cloud technologies.
Some 15 or more years ago, most business software was stored on individual employee devices, and workers might only need a single password to log into an internal business network. They didn’t have the approximately 100 different passwords they do now, which are mostly associated with websites and business cloud applications.
Those passwords have been under attack, as hackers view them as the best path to company assets like customer lists, employee payroll data, etc. Without an IAM system in place, companies are vulnerable to having their cloud accounts breached and becoming victims of insider attacks.
During the first half of 2021, phishing attacks targeting employee credentials rose 73% from the previous 6 months.
What Does IAM Do?
Identity and access management provides a system of checks and balances for employee credentials. Without a framework and automated system in place to ensure passwords and access privileges are being handled securely, companies make account provisioning mistakes that cost them.
How does it cost them?
Here is one recent example. In May of 2021, Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., suffered a major ransomware attack that took the company and pipeline down for nearly a week. The company ended up paying $4.4 million in ransom to the attackers because its leadership felt obligated to customers to do anything possible to restore operations as quickly as possible.
How did the attackers get in to plant the ransomware? The company had an unused employee VPN account that was not protected with multi-factor authentication. Poor provisioning practices left that account open when it should have been closed.
Of course, another cost of not using an automated IAM system is that businesses pay for extra cloud services accounts that are not in use.
What Should You Look for When Choosing an IAM Solution?
An IAM solution should relieve IT and increase data security for the organization. It does this by means of an automated, rule-based, and error-free allocation of user accounts and authorizations.
Consider solutions that use your HR system as the basis for your user credential administration.
Your HR system contains all the data you need as a foundation for managing user accounts and authorizations:
- First name / last name: for the creation of user accounts, email inboxes, etc.
- Location / Department / Position: often used for an authorization model, with permissions assigned based on these data.
- Entry/exit date & role changes: determines from when to when an employee needs access to the system and data.
With an interface between your personnel system and network, the changes in the personnel master (entry, change, exit) are processed automatically and can be applied to rules that carry out accompanying updates to access management and user privileges.
So, if an employee had left a company and had this noted in their HR file, that employee’s cloud accounts would not be left open and unattended, waiting on someone to remember to close them. Instead, the automation would trigger them to be shut down automatically.
Here are some things to look for in a good IAM solution, like HelloID.
Rule-Based Authorization Assignment & Access Control
A good IAM solution offers the ability to assign authorizations in an automated and structured way based on business rules. In this case, authorizations are assigned automatically and dynamically throughout the entire user lifecycle (entry, change, exit) based on user attributes or a combination of user attributes such as department, position, function, or location.
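The HR-driven lifecycle and the rule-based assignment described above can be sketched as one reconciliation pass. This is an added example, not HelloID code; the record fields, group names, rules, and sample data are all constructed for illustration.

```python
from datetime import date
from typing import NamedTuple, Optional

class HRRecord(NamedTuple):          # one row of the personnel master
    employee_id: str
    department: str
    position: str
    entry: date
    exit: Optional[date] = None

class Account(NamedTuple):           # one directory account
    username: str
    employee_id: Optional[str]       # None = nobody in HR owns it
    mfa: bool
    groups: frozenset = frozenset()

# Constructed business rules: (department, position or None for "any") -> groups
RULES = {("Finance", None): {"erp-read"},
         ("Finance", "Controller"): {"erp-approve"},
         ("IT", None): {"vpn", "ticketing"}}

def entitled_groups(hr):
    return {g for (dept, pos), groups in RULES.items() for g in groups
            if dept == hr.department and pos in (None, hr.position)}

def reconcile(hr_records, accounts, today):
    """Compare accounts with the personnel master; return (action, user, detail)."""
    by_id = {r.employee_id: r for r in hr_records}
    actions = []
    for acc in accounts:
        hr = by_id.get(acc.employee_id)
        if hr is None:
            actions.append(("disable", acc.username, "no HR owner"))
        elif not (hr.entry <= today and (hr.exit is None or today <= hr.exit)):
            actions.append(("disable", acc.username, "outside entry/exit window"))
        else:
            want = entitled_groups(hr)
            actions += [("revoke", acc.username, g) for g in sorted(acc.groups - want)]
            actions += [("grant", acc.username, g) for g in sorted(want - acc.groups)]
            if not acc.mfa:
                actions.append(("enforce_mfa", acc.username, ""))
    return actions

TODAY = date(2021, 5, 7)             # constructed sample data below
HR = [HRRecord("E1", "Finance", "Controller", date(2019, 3, 1)),
      HRRecord("E2", "IT", "Engineer", date(2020, 1, 15), exit=date(2021, 4, 30))]
ACCOUNTS = [Account("a.jones", "E1", True, frozenset({"erp-read", "vpn"})),
            Account("b.smith", "E2", False, frozenset({"vpn", "ticketing"})),
            Account("old-vpn", None, False, frozenset({"vpn"}))]
```

Calling `reconcile(HR, ACCOUNTS, TODAY)` flags the departed employee's account and the ownerless VPN account for disabling, and corrects the controller's group memberships.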
A good IAM solution has many connectors so that the automation for assigning and managing user accounts and authorizations can reach as many of your systems as possible. Ideally, these connectors are available by default or can be easily developed by your own staff. In addition, the connectors must support systems both on-premises and in the cloud.
Easy Installation and “Do It Yourself”
You don’t want to get an IAM tool that is complicated or requires an IT person to make a simple change. Therefore, the interface should be user-friendly and offer a “self-service” capability. This enables a workflow for IT resources and permissions that cannot be automated, e.g., because they are temporary or need additional approval, to be requested by employees themselves and approved by a responsible person.
A good IAM solution logs the relevant changes. This improves access control, allows internal questions to be answered quickly, and makes audits easier to pass.
Transformation in the Cloud
For IT to flexibly support the organization’s business needs and reduce IT costs, systems and data are increasingly being run from the cloud.
A good IAM solution will support your IT transformation to the cloud by helping to manage secure access and appropriate permissions for cloud-based systems and data.
Since this transformation does not happen overnight, your on-premises systems must also continue to be supported. An IAM solution must support the management of user accounts, permissions, and access both in the cloud and on-premises.
Book a Live Demo or Call to Ask Questions!
Improve security and reduce costs with an automated and easy-to-use identity and access management solution.
Find out more about how HelloID Provisioning can help.