Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM services were traditionally built for a company's internal use, to assist with establishing access privileges to organizational data and systems behind the firewall. Today, organizations must implement a dynamic IAM solution that serves employees and customers, partners and devices and all those in between, regardless of location. This is the evolution of IAM to Identity Relationship Management (IRM).
Companies get there by focusing on:
As people, devices and “things” are assigned identities across networks – simple, flexible and scalable IRM services that are designed to quickly verify identities and access privileges become imperative for any business or institution to safely and efficiently engage with their stakeholders and customers. Leaders of businesses, governments and academic institutions must identify vendors of services that provide highly scalable impact because these methods of engagement directly drive revenue and impact brand value. Today's solutions must link any device from laptops to social apps into a single security platform that works anywhere at any time. This is the standard that people have come to expect.
As we see more and more data breaches, security hacks and surveillance leaks, it's becoming apparent that successfully deploying IAM or IRM services can be complex. Identities and their use in the real world are very contextual, moving from context to context with some ease because personas are often separated by time and space. This real world behavior is not simple to replicate in the digital world because contexts may be connected via intertwined networks.
Yet many organizations believe it is their duty to create their own IAM services that ask users to create personalized log-ins, as well as to share more and more data. By doing so, these organizations introduce higher degrees of information risk.
So, why do organizations create their own systems? There are many answers to this question: perhaps they believe that a strong perimeter is the only way to be secure and the collection of personal data may prove to be a valuable resource that is waiting to be prioritized, or because they may have not completed an internal risk assessment to identify and measure the risk of holding and managing personal data against the potential profits.
Now we ask – is the business value in a digital identity that is directly matched to an individual? Or is that value in the relationship that the identity represents? IRM shifts focus to a market that innovates around the value of relationships that are represented by identities and not the identities themselves. This shift creates an increasingly hyper-connected world, bringing with it the complexities of deploying IAM, including: privacy for personal data, appropriate security, access control and attribute information sharing policies (where attributes are pieces of data about a person, entity or thing). However, these complexities also represent a wealth of opportunities for IRM deploying organizations. There are vendors with a core focus on making IAM, and now IRM, easy and secure for business. When deployments achieve innovative privacy and security markets grow and networks thrive.
With a better understanding of IAM and the evolution to IRM, CIOs are able to make more informed strategic decisions. They are also able to move the topic of “identity” from the “help desk” to the business development team. What to do next? We suggest the following: