Gartner outlines key actions for CISOs and IAM managers

by CXOtoday News Desk    Mar 12, 2013


Chief information and security officers (CISOs) and enterprises dealing with identity and access management (IAM) must keep sight of the demands of day-to-day operations, governance, risk management and compliance, while extending their vision to include the Nexus and the delivery of meaningful, business-focused results, according to research firm Gartner.

According to Ant Allan, research vice president at Gartner, “The Nexus of Forces are already having a tactical impact on IAM. Businesses must manage identity in an increasingly hybrid world in which legacy on-premises IAM infrastructures are extended or replaced to support software as a service and mobile endpoints. Identities established on social media platforms are also being used for enterprise system access. It has been observed that enterprises failing to get to grips with the challenges and opportunities of the Nexus risk will stay behind.

Gartner outlines key actions for CISOs and IAM managers to prioritize in 2013, in light of trends in the IAM market. These include:

Plan, Manage and Govern Your IAM Program: According to Allan, every program needs solid foundations. Establishing a strategic vision for your IAM program is crucial, and this means being able to articulate its overall business value. IAM managers also need to know how to communicate, how to make the right decisions about IAM initiatives, and how to place IAM in the context of enterprise architecture.

Take a Pragmatic Approach to IAM Technologies: It’s important to understand what’s going on in the world of IAM today, states Gartner. “What are your peers doing? How can you best use the technology you have to achieve your desired results with a minimum of wasted effort and expense?” states Allan.

Get to Grips With the Nexus of Forces: The Nexus of Forces is already having a tactical impact on IAM, and a number of issues are on everyone’s mind. You need to separate fact from hype, and understand where and how IAM can support business objectives. You also need to exploit emerging trends and technologies, and assess how your strategic vision can reflect the Nexus of Forces.

Complement IAM With Security and Risk Management: IAM, security and risk management are related disciplines that overlap both in terms of business objectives and the technologies used. Both aspects must be considered to get the most out of your investment and to maintain a robust, multifaceted approach to IAM, infrastructure protection and risk management within your organization. It’s therefore essential to understand how IAM and security and risk management tools and techniques complement each other.

According to Gartner Executive Programs’ CIO Agenda survey, IAM processes and technologies make significant contributions to the business strategies and technologies that are among CIOs’ higher priorities. “Close alignment with CIOs’ defined priorities makes it easier for IAM leaders to justify budget and head count requests, particularly for new initiatives,” summed up Allan.