Historically, data-security breaches have mostly been observed during employee transition periods, whether an employee is being relieved from the organization or transferred to another department. The risk has also been observed when new employees join an organization. Because the data holds critical information worth millions of dollars, organizations must control these processes and grant access to information only to verifiable sources, closing off the possibility of a data leak through an automated identity and access verification management system.
IBM’s Cost of a Data Breach Report 2020 states that the average cost of an insider cyber incident, across sectors, is $4.37 million, compared with $3.38 million for breaches caused by system glitches and $3.33 million for those caused by human error.
Identity and Access Management (IAM)
Identity and Access Management (IAM) controls the distribution of critical information by granting access to the right enterprise assets, to the right users, in the right context. A robust identity and access management system adds a layer of protection against the rising threats of ransomware, criminal hacking, phishing and other malware attacks.
In addition to IAM, it is also important to digitize a legacy-based entitlement system into a role-based framework and to implement privileged account management (PAM), also known as Privileged Identity Management (PIM), which is considered one of the most important security measures for reducing cyber risk and achieving a high security ROI. Together, PAM and IAM provide fine-grained control, visibility and auditability over all credentials and privileges.
Another important aspect of successful IAM is authentication. Most of us assume that transaction authorisation is handled by mechanisms such as user IDs, PINs, passwords, biometrics or two-factor authentication (2FA). Though these mechanisms are very powerful tools for deciding how access is granted, the key question they do not answer is who gets to authorise which transaction.
That question is answered by a myriad of authentication and authorisation systems across applications and platforms, and it is core to the integrity of any enterprise information system. Most financial firms use Windows Active Directory (AD) authentication to decide which users can access which applications. AD-based authentication is a simple yet powerful tool that has been in vogue for over a decade.
At its core, AD authentication is a mapping service that links user IDs to privileges or features. These privileges can be wide-ranging, from the very basic ones (a.k.a. authorization rights), which give access to a certain application, to the more complex ones (a.k.a. authorization rights), which confer “special” or “admin” rights on the users.
Management of user rights and privileges is another key dimension and falls within the remit of IT Operations. Enterprise systems need a clear repository detailing which user has access to which AD groups and hence which privileges. Such a repository should support at least two-way querying: fixing the user ID and finding which AD groups the user belongs to, and fixing the AD group and finding which users belong to it.
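The following is an added example, not code from the original article or from any IAM product, that models the user-to-group-to-privilege mapping described above and the two-way querying a repository should support. It goes slightly beyond the text by resolving nested group membership (AD allows a group to be a member of another group, so a user inherits the parent group's rights) and by adding the transition-period check from the opening paragraph: flagging users recorded as departed or transferred who still resolve to any group. All user names, group names and privilege labels are constructed sample data, not exported from a real directory.

```python
"""Two-way user/AD-group/privilege index with nested groups (added example)."""
from collections import defaultdict

# Constructed sample data: direct group memberships, as they might be exported
# from a directory. Names are hypothetical.
MEMBERSHIPS = {
    "alice": {"App-Trading-Users"},
    "bob": {"App-Trading-Users", "App-Trading-Admins"},
    "carol": {"Helpdesk"},
    "dave": {"App-Trading-Admins"},
}

# Constructed nesting: a group that is itself a member of another group.
# Members of App-Trading-Admins therefore also count as App-Trading-Users.
GROUP_PARENTS = {
    "App-Trading-Admins": {"App-Trading-Users"},
}

# Constructed group-to-privilege mapping: basic access rights versus admin rights.
GROUP_PRIVILEGES = {
    "App-Trading-Users": {"trading:read"},
    "App-Trading-Admins": {"trading:admin"},
    "Helpdesk": {"helpdesk:reset-password"},
}


class AccessIndex:
    """Repository supporting queries in both directions: user -> groups and group -> users."""

    def __init__(self, memberships, group_parents, group_privileges):
        self.user_to_groups = {}
        self.group_to_users = defaultdict(set)
        self.group_privileges = group_privileges
        for user, groups in memberships.items():
            effective = self._expand(groups, group_parents)
            self.user_to_groups[user] = effective
            for group in effective:
                self.group_to_users[group].add(user)

    @staticmethod
    def _expand(groups, group_parents):
        """Return direct plus inherited groups; the 'seen' set guards against cycles."""
        seen = set()
        stack = list(groups)
        while stack:
            group = stack.pop()
            if group in seen:
                continue
            seen.add(group)
            stack.extend(group_parents.get(group, ()))
        return seen

    def groups_of(self, user):
        """Fix the user ID, find the AD groups (effective, including inherited)."""
        return set(self.user_to_groups.get(user, set()))

    def users_in(self, group):
        """Fix the AD group, find every user who resolves to it."""
        return set(self.group_to_users.get(group, set()))

    def privileges_of(self, user):
        """Privileges a user holds through all effective groups."""
        privs = set()
        for group in self.groups_of(user):
            privs |= self.group_privileges.get(group, set())
        return privs

    def users_with_privilege(self, privilege):
        """Reverse lookup: who holds a given privilege, e.g. an admin right."""
        return {u for u in self.user_to_groups if privilege in self.privileges_of(u)}


def stale_access(index, departed_users):
    """Transition-period check: departed/transferred users who still resolve to any group."""
    return {u: index.groups_of(u) for u in departed_users if index.groups_of(u)}


if __name__ == "__main__":
    idx = AccessIndex(MEMBERSHIPS, GROUP_PARENTS, GROUP_PRIVILEGES)
    print("dave's groups:", sorted(idx.groups_of("dave")))
    print("members of App-Trading-Users:", sorted(idx.users_in("App-Trading-Users")))
    print("holders of trading:admin:", sorted(idx.users_with_privilege("trading:admin")))
    print("stale access for departed users:", stale_access(idx, ["dave", "erin"]))
```

The reverse query (`users_with_privilege`) is the one an access review actually needs: it answers "who currently holds admin rights?" rather than "what does this one user have?", and resolving nested groups first is what stops a privilege from hiding behind an indirect membership.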
The identity and access management system of the world’s third-largest asset manager was known to achieve agility and performance improvements, with environments available up to 80% faster and application development and test projects up to 60% faster, resulting in an estimated cost-reduction opportunity of $100k, or 20% of addressable spend, and helping the enterprise build robust virtual walls against cyber-security threats.
Going forward, access management is going to remain an interesting space. As the world becomes more integrated, complex workflows emerge within organisations and software delivery becomes increasingly agile, access management will evolve to support these new challenges and to enhance protection against cyber-security threats. Concepts like need-based or on-demand privileging are only going to gain traction. Practitioners, as well as observers in this space, are in for a thrilling ride.
By Rajendra Vallecha, product designer and implementer of IAM systems for the world’s third-largest asset management company and Senior Business Analyst at Atos Syntel Europe Limited.