Secure Critical Information with IAM
By Priyanka Akhouri
Mumbai, Apr 16, 2008

Information security is an increasing and never ending demand by enterprises, for the overall data protection of the organization. They are always on the look out for solutions and systems - that will give users greater access to information, while protecting the security and integrity of the organization' s information assets.

So what's the solution?

Identity and Access Management (IAM) is one such option. It enables enterprises to overcome the challenges faced by them, while accessing critical information. IAM broadly refers to the administration of individual identities within a system, such as a company, a network, or even a country.

Satish Kumar Dwibhashi, manager (Client Solutions Group) of SecureSynergy feels IAM enables CIOs and enterprises to manage issues - related to information access and applications, scattered across internal and external application systems.

It includes processes, technologies, and policies to manage identities. It illustrates how resources can be accessed. Here, we talk to some industry experts and try to determine the role of IAM in securing critical information.

Importance of IAM

IAM ensures business facilitation, cost reduction, operational efficiency, effectiveness, and security.

It also ensures compliance with corporate policies and government regulations. Administrators receive tools and technologies allowing them to change a user's role, to track user activities, and to enforce policies on an ongoing basis. The ultimate goal is to provide the right people with the right access at the right time.

Companies are using IAM systems not only to protect their digital assets, but also to enhance business productivity. "The system's central management capabilities can reduce the complexity and cost of an essential process. IAM systems also give organisations a way to control the swarm of undeterred endpoints like laptops, PDAs, and mobile phones," added Gare.

Benefits of IAM Reaped by Organization

IAM systems can become the foundation for a secure network, because managing user identity is an essential piece of the access-control picture.

By implementing a well-planned IAM solution, corporations can reap many benefits that can help improve operational efficiency, reduce security risks, improve visibility, and enhance compliance and internal controls.

Various verticals like telecom, ITeS, BPO, retail, manufacturing, etc. have been major adopters of IAM solutions in India. Governments, as part of their citizen service centres, and eGovernance frameworks, are also considering it.

Here are 5 ways in which IAM helps organizations

1. Improves Identification Issues

An integrated, scalable and robust IAM infrastructure allows enterprises to manage the end-to-end lifecycle of user identities across all enterprise resources, both within and beyond the firewall. It improves efficiency and management overhead of the organization.

According to Shailendra Sahasrabudhe, country manager (India) of Aladdin Knowledge Systems, IAM allows organizations to ensure that individuals who access their network, applications, and portable devices are indeed who they claim to be.

2. Reduces Security Risks

It gives higher controls for the Internet users, and also corporate security policyholders to help prevent online identity thefts. It reduces security vulnerabilities.

According to Harshal Pendse, director (technology initiatives) of Oracle India, "IAM also addresses the critical issue of online fraud prevention and real-time, online risk assessment."

3. Improves Operational Efficiency

Implementing IAM system in an organization gives a competitive advantage in a number of ways, and increases RoI. Since most businesses today need to provide users outside the immediate organisation with access to their internal systems, IAM systems allow companies to extend access to its information systems without compromising security.

"Controlled identity and access management has the potential to provide greater access to outsiders, who can drive productivity, satisfaction, and ultimately revenue for the organization," states Gare.

4. Reduces Complexity and Lowers Cost

In an economic downturn, enterprises are looking for cost-cutting measures.

Simplifying password management lessens complexity, and reduces the number of help desk issues related to password resets, and account provisioning. With the growing volume of users, current staffing volume cannot accommodate the enterprise's needs.

Dwibhashi feels user information can be leveraged with IAM systems, in many business processes that provide a consistent and more secure access control infrastructure.

5. Takes Care of Regulatory Compliance Needs

Organizations today view meeting security standards not only as a need, but also as a marketing differentiator for attracting customers, growing sales, and increasing brand loyalty.

Various industry verticals require to establish a secure access control infrastructure. HIPAA, Sarbanes-Oxley, and other Acts ensure companies address their internal infrastructural needs, of which information security is a part. With IAM, meeting compliance standards is made easier.

According to Gare, IAM systems improve regulatory compliance by providing an organization tools to implement comprehensive security, audit, and access policies.

Related Links:

New Service for Enterprise Identity Management