Deloitte’s cyber practice has provided 10 questions organizations should ask about their digital identity management programs.
As businesses transform and tangible “walls” give way to a limitless cloud environment, organizations should be able to use their identity management programs to enable more fluid, more capable, and more secure digital transformation initiatives.
Digital transformation initiatives are likely to bring much improvement and complexity into an organization’s ability to effectively secure access to internal and external stakeholders. In the recently released ” survey, respondents indicated that the top three enterprise identity security initiatives were:
- Migration of on-premise active directory to a multi-tenant, cloud-based IAM service.
- Identity analytics user and entity behavior analytics (UEBA).
- Privileged access management (PAM) and advanced authentication including multi-factor authentication (MFA) and risk-based authentication (RBA).
Identity management is important for enterprises where trust and reputation are their top concern. However, solving for the initiatives stated above and determining what digital identity solution is appropriate for an organization based on enterprise needs can be a challenge as each organization has particular needs and requirements. Identity solutions must continue to adjust to the expanding threat landscape and changing compliance pressures.
- Deloitte’s cyber practice suggests organizations honestly answer the following questions about the future of their digital identity programs to help them solve for the resource, technology and capabilities constraints of the future:
- Does our enterprise plan to transform digitally? If so, do we know whether we’ll adopt a hybrid environment or a completely cloud-based environment? If the latter, will it be a public or private cloud?
- Does our identity and access management solution meet our changing end-user and information technology (IT) requirements given the technology improvements of digital transformation?
- Do our identity and access management processes fully secure third-party identities access our network? Do we know all the third parties that connect to our environment?
- Do we know all the privileged identities within our IT environment? What procedures do we have in place to detect, prevent, or remove orphaned accounts?
- How do we employ MFA policy? Do we enforce a consistent layer of MFA or do we deploy a step-up authentication depending on the severity of access requests?
- As every organization races to become the category leader in customer experience, are we able to harness the potential of consumer identity?
- Does our identity solution provide identity analytics showing how users are using the access that they have been granted?
- With the shortage in qualified identity professionals, can we deploy and expand our identity program to get the outcomes we need?
- What are our compliance concerns today and how will we address them tomorrow?
- Is our identity deployment providing the business outcomes we want along with the business value we need?
“Managing cyber risk across the enterprise is quite different than it was even five years ago. Cyber is everywhere and it is too big for any one organization to manage on its own. It’s why organizations need to think about digital identity as a platform in order to move faster and more securely,” said Mike Wyatt, cyber identity solutions leader and principal in Deloitte & Touche LLP.
“With an ever-changing threat surface, a well thought out cloud solution with a quality provider may be able to provide a better cyber posture than those created in-house. Organizations need to ask themselves what risk they can tolerate and resources they can commit without negatively impacting their core business strategies.”
(Image Courtesy: www.securitybrief.eu)