Trey Gannon, risk services director with Deloitte Touche Tohmatsu Australia says Australian enterprises are not taking identity and access management (IDM) seriously enough.
This is despite the well-documented risks of security breaches in today’s more complex, mobile and virtualised workforce, not to mention the significant productivity benefits that IDM offers.
“All organisations are aware of ID and access management and call it important to a degree; but the vast majority have shoehorned the problem into the IT department only,” Gannon says. “Fundamentally there is a disconnect occurring.”
What organisations appear to have difficulty understanding is that identity and access management is a core functionality, without which they risk largely forfeiting their ability to be flexible and adapt to the many changes going on around them.
In its recent paper ‘Digital disruption: short fuse, big bang’, Deloitte warns around a third of the Australian economy is unprepared to deal with the challenges being presented by sudden recent advances in technology, and cites identity management as an example of where larger companies especially could find themselves in deep water.
“To a certain extent, professional services vendors have contributed to there being a narrow view of IDM,” Gannon says.
Having presided over many an IDM project post-mortem, he notes that the cause of death is almost invariably lack of communication. The failure to communicate and define the business value and the failure to bring business to the table as part of the governance process.
Organisations need to ensure that the data they wish to create access controls around is truly valued right across the board, Gannon says.
In order to do that, they must develop user-focussed interfaces that help to empower the individuals in the business. “Companies need to adapt a user-centric view,” Gannon says.
And they need to develop strategies and approaches for managing identities throughout a user's entire history.
“Organisations need to adopt a long-term approach, which enables the management of identities throughout their entire life cycle," Gannon says.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
