Operating environments are spiraling outwards to accommodate business demands for mobility, multi-device access from remote locations and real-time information. The ability to secure our core asset – information – and manage how this is accessed and by whom, is a major issue facing information security management today. Mobile collaboration and cloud computing have brought identity and access management to the fore as a means of tightly coupling people, identities and their roles to classified information.

Securing information is business critical
The reality is that while a business may be able to recover from the loss of buildings and capital equipment, the damage done when information is lost can be irrevocable.  The impact of stolen intellectual property could be catastrophic, and the loss of reputation if sensitive information were to be leaked, or even sold, may be something a business may never be able to overcome.

What’s more, as the value of information is recognised by governing and regulatory bodies, legislation and the need to comply with certain standards around the storage and access of data will be imposed, forcing organisations to reconsider lax controls around information.

According to Samresh Ramjith, chief technology officer for Dimension Data Security Solutions South Africa, by introducing an identity and access management (IAM) strategy that takes into consideration the evolving and advancing nature of technology, an organisation is able to proactively implement the tools required to keep pace with legislation and compliance issues – and maintain good security practice.

How does access control fit in?
The answer is simple.  The most secure building on earth is rendered obsolete if you leave the door wide open.  “Businesses are coming to terms with the fact that people are their biggest security threat,’ says Ramjith,   “In many instances our people may be unaware of the full extent of the risks they expose the business to with irresponsible behavior. Even when they are, people can still be negligent. They can also be gullible, vulnerable to the acquisition of information under false pretenses such as phishing and similar scams.  And finally, they can be outright malicious, wishing to harm the organisation or profit from the sale of sensitive information.” The converse holds true as well – organisations that engage their people as active participants in information security and risk management strategies are often able to deliver higher levels of consistent compliance and conformance to security standards.

Since one can’t very well do away with the human aspect of the business, it becomes the task of management, enabled through technology, to control the flow of information through the organisation.  “This is where access control comes to play such an important role in business, “says Ramjith. “By tightening access to information, you lower the risk associated it.  But the key is to do this judiciously so as not to impede business agility.”

Finding the Balance
Organisations need to strike a balance between agility and vulnerability. “IAM, when implemented correctly, will ensure that the right information is available to the right people timeously.  Information should be enough for individuals to perform their roles, but without putting the business under undue risk,” explains Ramjith.
This is where information security becomes a business enabler. For these kinds of solutions to work optimally, the organisation needs to have a deep understanding of how their business operates, who performs what role and how information flows through these workflows.  With this insight in hand, role-based access becomes possible.

“This is becoming even more critical with the introduction of things like mobility and cloud.  Both of these technologies are designed to make information more readily available and enable a remote workforce. But as the lines of your ‘secure’ environment become blurred, security risks skyrockets” says Ramjith.
“Access control, through role-based profiling is no longer about accessing a server with an encrypted  password, but building the right security profile for an individual that allows them, wherever they are and what ever application they are working on to access the information they need to do their job.  This ability to creating a free workforce is one of the key concepts driving IAM.

Improving business
The organisation will need to make a commitment to the process and take a long hard look at its architecture, system engineering, processing and of course workflows.  It also calls for a need to clean up the information environment which is a huge challenge in diverse, disparate and sprawling informational estates.

“Unfortunately, given this disparity, there just isn’t a single product which will provide that mythical ‘silver bullet’, and an array of tools may be required,” cautions Ramjith.  “To get the kind of visibility and level of integration required, most businesses will need to invest in consulting services.  But the value this will add in terms of optimising overall operations is phenomenal.”

The streamlining of business processes and workflows, introduction of automation, sanitising of databases and consolidation and integration of information all equate to an improved, well-oiled and efficient business machine.  This machine will be ideally positioned to leverage the full potential of future developments in cloud, mobility and convergence – equating to real competitive advantage.