- Published: October 2010
Business-Driven Identity and Access Management: Needed Now More than Ever
- Published: July 2012
- Region: Global
- 6 Pages
- Enterprise Management Associates
Identity and access management (IAM) has long been the first line of action to assure the availability of IT resources to those who need them, and protect the business from those who don't. This has led to significant expenditures on IAM projects in the enterprise -- and yet many of these costly projects have failed to meet expectations. Why?
In EMA's view, a good deal of the reason is because many IAM technologies were created to serve IT rather than serving the business. Identity and access provisioning is a prime example. Provisioning technologies automate activities for creating accounts and assigning access privileges. Unfortunately, the processes they implement were often invented by IT to solve IT problems of automating access controls and reducing the cost of user support. What legacy approaches often overlook is one important fact critical to success: Business stakeholders have the context to make access decisions, and are ultimately responsible for making thoughtful and defensible access decisions. Information security and business risk management teams carry significant responsibility for administering strategic security initiatives as well as tactical policies and controls. To do this effectively, however, IAM solutions must become business-driven, automating proven, reliable processes that enable informed access decisions with minimal impact on the business professionals who must make them. This distinction is key to simplifying deployments, reducing IAM costs, and improving outcomes in balancing security and compliance objectives with business goals.
In this report, EMA explores what today's forward-looking IAM technologies have learned from this evolution, with solutions that emphasize a business-driven approach. Aveksa is highlighted as an example of a vendor who has recognized the important distinctions between business logic and application integration flexibility needed in today's solutions for automating identity and access governance and protecting business assets more consistently and effectively from today's access risks. SHOW LESS READ MORE >
The Evolution of Identity and Access Management
Where Legacy Has Failed
The Aveksa Example