Yesterday on May 3rd we invited some IAM professionals to discuss different IAM issue’s and current trends in the Identity & Access Management landscape. This gave us the opportunity to learn from each other and share some customer stories as knowledge partner at the table. For this round table we selected Kasteel Woerden as location. We look back at a successful day where everyone received plenty food for thought. A short summary below on some of the topics that we discussed.
The first topic we discussed was how we currently deal with the automated life cycle management. This means the whole onboarding/off-boarding process and giving people the right access from begin to end. It became clear that for most it’s currently only partly automated and a lot is still done by hand. Which means there is a lot of time to win and this gets more important everyday with the lack of good security resources.
Another topic was scalability of the IAM services within an organization and how people thought about moving from on premise solutions to the cloud. Many pro’s and con’s regarding the cloud came by. The most important concern was trust. How can you be sure the cloud supplier has the same high security requirements as you do, or where is the data stored? One of the ways you can check this is by looking at their certification. Not just everyone can walk into their datacenters. Most agreed that for the time being there will be many hybrid solutions, with part cloud and part on premise.
We also talked about Identity Management and how you can use context to gain trust and when to force a second authentication, when trust us low. For example, if the same person logs on from a new location a 2-factor-authentication might be required. But it goes even further than that, for example how quickly you type in your password. These can all be triggers to ask for the extra verification.
Resources, specially how to use them productively, was touched during many topics, but very specific during the cloud discussion. If you move your IAM functions to the cloud, would you still need all these security resources on-premise? How much of the responsibility are you willing to give away? It became clear that you will always need your security resources on-premise to manage these new cloud solutions. Knowledge is power and it can be too risky to depend only on third parties for this.
The last topic we discussed was how to handle privileged accounts and how to make sure they are secured. Many different solutions can help with this, but it became clear most of the professionals prefer to store the credentials in a vault. From there you can secure the way the organization works with the most sensible credentials. If a change has to be made this can be requested by sending a change request. This way you will always know who and why is inside your system. You can even shield some of the privileged functions and only give access to the ones that are required and for a limited period.
We are looking forward to the next one. Didn’t get invited or where you unable to attend this one? Let us know and we will keep you updated on when the next one takes place. Got urgent questions? Give us a call.