In a cloud-first, hybrid world supported by distributed data, identity and access management (IAM) underpins an enterprise's entire security architecture.
Describing the term, Prashant Mascarenhas, Vice President - Cybersecurity & GRC Services at HCLTech, says: “It's an element that is directly impacting user experience in the way enterprise users or consumers interact with the IT systems and applications that they need to access.”
According to Mascarenhas, IAM is defined by three elements.
The first is managing the “human, machine or device” identities. The second is providing the right access to those identities: the security policy defines who gets access to certain data and applications. The third is governance, which focuses on understanding whether something has gone wrong and, if so, how to remediate it in compliance with regulations that require organizations to report certain incidents.
The first line of defense
In the traditional IT world, most applications and enterprise data resided in on-premises data centers. In this environment, network security acted as the first line of defense and enterprises took a layered approach to cybersecurity for both internal and external threats.
However, “those layers don’t exist anymore. Data is distributed and most applications have moved to the cloud with global workforces operating in a hybrid model”, says Mascarenhas.
Today, IAM is one of the most critical aspects of a cybersecurity strategy and the first line of cyber defense. It enables enterprises to grant specific users access to different applications and data across a rapidly expanding environment as part of a zero-trust architecture, which includes the emerging world of edge computing.
The cybersecurity mesh for the new age enterprise
The concept of the cybersecurity mesh was introduced by Gartner in its Top Strategic Technology Trends for 2022.
The research analyst firm predicted that by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.
“This concept or developing architecture represents the integration of various security tools into an ecosystem, where all these tools exchange contextual data between each other. Organizations are then able to create a unified security policy across these various security tools using modern communication mechanisms and an API-based approach. This enables real-time analysis of an organization’s security posture,” says Mascarenhas.
He continues: “This idea is very similar to zero-trust—identity underpins the entire concept. Identity helps all the discrete tools play well together and enables the deployment of least privileged policies across a distributed environment.”
Delivering better user experience
IAM represents the foundation of everything in the security space. It’s an enterprise’s first point of control and first line of defense.
Beyond this, IAM has huge potential in elevating the user experience.
Mascarenhas explains: “Over the years, enterprises have built a lot of security controls, and when users start accessing applications or data, these controls become visible and create a negative user experience. But, by taking IAM and integrating it across all the security tools in the cybersecurity mesh, there is the potential to make a lot of these controls more transparent to the user, reducing friction. This will elevate the user experience and at the same time, help organizations improve their security posture.”
Supporting IAM ambitions
For security-conscious organizations, IAM is a necessity. But often, they struggle to implement such frameworks on their own.
Technology transformation partners, like HCLTech, can help on this cybersecurity journey.
“HCLTech has a large identity practice, with close to 1500 resources. We work across multiple different technology partners, whether modern authentication or directory services, to help organizations realize their cybersecurity ambitions. In addition, we can deliver the governance and administration of IAM products through our IGA platform, while offering consulting services that assess an enterprise’s current security landscape. This drives transformation, automation and reduces the amount of human effort needed to bring in new technologies like artificial intelligence and ML to mitigate risk and provide a holistic approach to security,” says Mascarenhas.
He adds: “The application landscape and security policies are constantly changing. To keep up with this ever-shifting environment, identity systems need a DevOps approach to ensure they can run and change in an agile manner. This is something we can deliver and is quite unique to the identity space.”