Our IT Executive Roundtables are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate dialog on current trends and topics. The group met remotely for a discussion on powering secure and seamless experiences, led by the VP & CISO of a leading industrial supplies company. This session was sponsored by Okta.
Identity and Access Management (IAM) is a staple of modern security. It lets you implement consolidated authentication flows across your entire infrastructure and enables you to enforce the principle of least privilege. But how do you get started with IAM? What are the main modules of an IAM solution? How do you use IAM to create a balance between security and user experience?
At the start of the discussion, attendees shared where they were on their respective IAM journeys. A cybersecurity leader said they have a manual onboarding/offboarding process and are planning to refine their privileged access management. A CISO added that several of their pitches for new tools were rejected because of budgetary constraints, which has limited their ability to have a mature IAM process. A CTO remarked that their automated IAM workflows don’t perform well during peak load hours. A product marketing manager said they have a very user-friendly IAM process—they use biometrics to log in to their system once and are done for the day. Multiple executives claimed that they were somewhere in the middle of implementing IAM.
Before the expansion of digital platforms, we had isolated systems. Local credentials were provisioned on these systems without expiry, as they weren’t exposed to the outside world. Today, our crown jewels don’t just exist inside our local data centers. Infrastructures are divided across cloud platforms, employees work remotely, partners and vendors need access to your applications, and customers log on to your systems from several touch points. In such a digitally connected and exposed world, you need to have a process to govern who has access to what and under which circumstances. You need to constantly validate users every step of the way without compromising user experience. The cliché that identity has become the new perimeter holds true.
A participant told the audience they were about to invest in an IAM solution to manage access control across cloud and legacy applications. Once they have set up the solution, they will integrate it with their existing sources of truth, such as SuccessFactors and Active Directory. The goal is to automate provisioning and de-provisioning, such that fine-grained privileges are assigned to users when they join and automatically revoked when they leave.
Modern IAM solutions have three different modules:
Multiple speakers agreed that finding the right balance between security and user experience is crucial. A good IAM solution should enhance your security posture while making the login experience faster and more seamless. If users repeatedly go through a multi-step authentication flow for day-to-day activities, their experience and productivity will be compromised. With that said, in highly regulated industries, like healthcare or financial services, you often have to bear the pain of more conservative controls to stay compliant.
An attendee exclaimed that selecting an identity solution that caters to all your use cases can be challenging. For example, they are looking for a lightweight solution that doesn’t have a sizable infrastructural footprint. It should be easy to use, cloud-first, and future-proof, and it should integrate with their legacy apps. Finding a system that ticks all these boxes has been challenging.