Security Practice Lead
Earlier this month I attended Gartner’s IAM Conference which brought together approximately 2,000 attendees along with technology vendors who work in this space. Overall, I found the conference insightful in both the topics covered and in the discussions with fellow security professionals. All of whom are charged with managing risk in their organizations. Their challenge is to select and deploy an IAM solution that meets their security needs all while avoiding complexity to their users. Consequently, selecting and deploying an IAM solution is more than choosing the right technology partner. It also requires working with other groups, particularly the user community, early and often in order to achieve a successful implementation.
Below are my 3 takeaways from this conference:
Identity is a Team Sport
A successful IAM deployment involves more than technology. Unlike other security technologies, IAM focuses on resources and their level of access which requires active engagement and support of the user community. In speaking with several people and vendors at the event a successful IAM deployment includes input and support from the users who will be using it. I know this seems obvious, but I did hear many stories where organizations first tried to implement their IAM solution without including or soliciting user involvement and it did not go over well. Consequently, those organizations who included their users (from the beginning) found their success rate much higher with less negative feedback. So, the main message here is when you implement an IAM, or any type of user management solution, including users early and often are critical to a successful deployment.
Multi-Cloud Usage is Here to Stay
Now that organizations have been using the cloud for many years a noticeable trend has started – multiple cloud usage. Initially, organizations chose one cloud provider for their needs. As they became used to using cloud services their usage has now expanded into more than one cloud. Since these decisions are more and more being made by the business units and not IT, resource and user management can become decentralized and therefore visibility and control are not as consistent. Consequently, it is vital that regardless which IAM and/or Privileged Account Management (PAM) technology is implemented, it must have the ability to perform in multi-cloud scenarios.
Don’t forget your Security Framework
Successful IAM deployments, as with other security technology deployments, rely on a clearly identified and implemented security policy/framework for success. Many attendees who I spoke with assumed that the “technology will handle it out of the box”. Consequently, they learned very quickly that while the technology can perform admirably, it does need direction via your security framework/policy. This can also be applied when deploying other security technologies such as firewalls, NAC, IPS, AV, etc. Where the expectation is that the technology will address our needs by choosing the ‘default setting’. In some cases, this is ok, however, to gain the maximum benefit it is important to choose and implement a security framework/policy along with the security technology that will be used as a foundation.
Selecting an IAM can be a challenge and successfully implementing and managing can be even more challenging. Feel free to reach out to me as we might be able to help you be successful with yours.