Welcome!

Java IoT Authors: Elizabeth White, Pat Romanski, Liz McMillan, Jamie Maidson, Yakov Fain

Related Topics: Microservices Expo, Java IoT, Microsoft Cloud, Containers Expo Blog, Agile Computing, Cloud Security

Microservices Expo: Article

The Marriage of Tech and Business… and How to Prevent a Divorce

Best practices for organization-wide identity and access management

Evolving regulatory compliance requirements can be a major headache for the IT teams responsible for identity and access management (IAM). Sarbanes Oxley, the wide range of privacy regulations and other federal requirements, have transformed IAM from a problem that keeps the chief information security officer up at night into a true business concern shared by all company executives. Knowing who has access to what information within your organization - and whether they should have that access - is a deceptively complex issue that has the potential to drive a wedge between even the healthiest of relationships across the business.

On the surface, it may seem as though the nuts and bolts of IAM should reside in a company's IT department. This is because there are many islands of information stored in databases across the business that are managed and administered by the IT team. In addition, employee access to particular areas of the network is usually enabled and revoked by IT.

The problem is that these functions are just the tip of the iceberg when it comes to effectively managing your identity governance program.

IAM Is Driven by Business Requirements
It has long been recognized that identity and access management must be process-driven if it is to gain any longer-term traction within an organization. In fact, Gartner highlighted the importance of process in a 2005 research report, stating that "Identity and access management is not only a set of technologies but also a set of processes that address fundamental issues about handling the strategic asset of identity in any enterprise. Establishing a long-term solution for managing identity requires understanding these basic processes."

Why is the process so important?

Any change to the identity of an employee is triggered by the business. The identity attributes of an employee are created when they are hired (onboarding), changed when they are promoted or assigned new responsibilities (change in responsibility), and must be restricted when they leave the organization (offboarding).

A strong partnership between IT and the company's business divisions is essential to ensure that:

  • There is a process to capture all of the changes that happen to the identity of an employee during their life cycle within an organization.
  • The business has established and approved the policies under which employee access will be granted or denied.
  • Changes are processed within the identified framework (i.e., no one is given access "through the backdoor").

By involving business owners early in the development of your IAM program - including human resources as it traditionally "owns" the bulk of employee attributes, like name, address, social security number and banking information - companies will improve the chances of executing their IAM goals on time and on budget.

Create a Culture of Continuous Compliance
Traditional approaches to identity and access governance take a reactive approach to meeting compliance requirements. If the sole measure of success is the ability to generate an attestation report, the company will always be in "firefighting" mode. It is far better to prevent access violations from happening than trying to chase them down once they occur. At that point, the security breach has already taken place, inappropriate access has already been granted and the damage has been done.

The goal of an effective identity governance initiative should be to ensure that employees are only given the access that is assigned to them under a clearly defined set of rules in accordance with company policy. On the other hand, requests for access that would violate a policy (e.g., separation of duties) should be denied and the appropriate manager should be alerted that a request has been made that would violate company policy. By working with business divisions to set these proactive policy parameters up front, the company is able to create a true culture of continuous compliance.

Your IAM Program Should Deliver More than Compliance
Compliance is a necessary evil. However, if handled correctly, compliance can also create the opportunity for meaningful efficiency improvements and cost reductions throughout an organization.

By managing the identity of your employees centrally and establishing proper business processes to manage identities, companies are able to:

  • Shorten new employee onboarding time to less than a day: It is important to capture the primary attributes needed to create an employee identity during the onboarding process and feed this information to all related systems (e.g., payroll, HR, Active Directory, SAP). This approach gives employees the access and assets they need to be productive on their first day with the company.
  • Eliminate repetitive manual data entry: A large Canadian retailer recently identified more than 90 attributes that make up the identity of their employees. More important, it also realized that these attributes were being manually re-entered up to ten times for different purposes across the company. Once it began managing their identity administration centrally, the retailer was able to capture data with no re-entry, thereby eliminating hundreds of redundant entries per employee.
  • Lower administrative costs: Improving time to productivity, streamlining administrative functions, and simplifying audits will result in millions of dollars saved, depending on the size of the organization.

Learn from Past Failures
Many organizations have been down the IAM solution path before with varying degrees of success. The problem-solving responsibility has traditionally been handed off to - you guessed it - the IT department, which typically attempts to solve the issue via technological solutions. As discussed earlier, the challenge is that the IT department is trying to solve the issue when it doesn't own the information or the process. Attempting an IT-only fix, centered around third-party technology and buy-in from other departments, leads to annoyance at best and losses in time and capital at worse.

In spite of these challenges, there is hope for organizations looking for the Holy Grail of IAM. Below are some best practices organizations can employ to improve their internal IAM processes:

  • Solicit business involvement early: IT cannot solve the problem alone. They're the custodians and the business is the end user. IT must engage with business and HR in lay language and find common denominators.
  • Create an identity warehouse: Conduct a thorough cleaning of identity data housed by various internal systems so there is easy reconciliation and clear visibility into access granted to employees.
  • Fix the controls: Implement procedures early in the business process (i.e., during onboarding), and make sure they are followed, to derive the most value from your identity and access management program.
  • Process, process, process: IT spends a significant portion of its time and budget on the dreary work of managing identities. IT and the business divisions can realize measurable benefits from implementing processes that drive down wasted time and money.
  • Go paperless: Going paperless with IAM liberates employees from the stacks of paper on their desks. An electronic IAM system can lighten the load across divisions by identifying holdups and speeding timelines.
  • Prevention is the key: Get away from the "putting out the fires" mentality. True process control means that fires are prevented.

Conclusion
Approaching IAM in a process-oriented way allows organizations to deal with potential problems proactively. When implemented properly, these best practices can help streamline IAM processes across all organizational departments, resulting in shortened onboarding, reduced costs, increased efficiency and regulatory compliance. Those are goals the whole company can get behind.

More Stories By Jay O'Donnell

Jay O’Donnell is the CEO and founder of N8 Identity and spearheads the continuing development of N8 Identity’s industry-leading solutions. One of the early pioneers of the identity and access management (IAM) industry, he initially founded an IAM consulting business in 2000. After overseeing dozens of large-scale IAM projects, he led the development of Employee Lifecycle Manager® in 2007 to meet the need for a software solution that delivered pre-defined identity and access processes throughout the lifecycle of a user within an organization. Jay is an internationally recognized expert in information security, compliance, identity management, federated identity and directory services.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit y...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device. For more information, please visit https://www.mangoapps.com/.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
SYS-CON Events announced today that ContentMX, the marketing technology and services company with a singular mission to increase engagement and drive more conversations for enterprise, channel and SMB technology marketers, has been named “Sponsor & Exhibitor Lounge Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York. “CloudExpo is a great opportunity to start a conversation with new prospects, but what happens after the...
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discuss how businesses can gain an edge over competitors by empowering consumers to take control through IoT. We'll cite examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He'll also highlight how IoT can revitalize and restore outdated business models, making them profitable...
Designing IoT applications is complex, but deploying them in a scalable fashion is even more complex. A scalable, API first IaaS cloud is a good start, but in order to understand the various components specific to deploying IoT applications, one needs to understand the architecture of these applications and figure out how to scale these components independently. In his session at @ThingsExpo, Nara Rajagopalan is CEO of Accelerite, will discuss the fundamental architecture of IoT applications, ...
In his session at 18th Cloud Expo, Bruce Swann, Senior Product Marketing Manager at Adobe, will discuss how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects). Bruce Swann has more than 15 years of experience working with digital marketing disciplines like web analytics, social med...
SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to foc...
Customer experience has become a competitive differentiator for companies, and it’s imperative that brands seamlessly connect the customer journey across all platforms. With the continued explosion of IoT, join us for a look at how to build a winning digital foundation in the connected era – today and in the future. In his session at @ThingsExpo, Chris Nguyen, Group Product Marketing Manager at Adobe, will discuss how to successfully leverage mobile, rapidly deploy content, capture real-time d...
IoT generates lots of temporal data. But how do you unlock its value? How do you coordinate the diverse moving parts that must come together when developing your IoT product? What are the key challenges addressed by Data as a Service? How does cloud computing underlie and connect the notions of Digital and DevOps What is the impact of the API economy? What is the business imperative for Cognitive Computing? Get all these questions and hundreds more like them answered at the 18th Cloud Expo...
As cloud and storage projections continue to rise, the number of organizations moving to the cloud is escalating and it is clear cloud storage is here to stay. However, is it secure? Data is the lifeblood for government entities, countries, cloud service providers and enterprises alike and losing or exposing that data can have disastrous results. There are new concepts for data storage on the horizon that will deliver secure solutions for storing and moving sensitive data around the world. ...
What a difference a year makes. Organizations aren’t just talking about IoT possibilities, it is now baked into their core business strategy. With IoT, billions of devices generating data from different companies on different networks around the globe need to interact. From efficiency to better customer insights to completely new business models, IoT will turn traditional business models upside down. In the new customer-centric age, the key to success is delivering critical services and apps wit...
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
SYS-CON Events announced today that 24Notion has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. 24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to con...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, will discuss the importance of WebRTC and how it enables companies to fo...
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
Korean Broadcasting System (KBS) will feature the upcoming 18th Cloud Expo | @ThingsExpo in a New York news documentary about the "New IT for the Future." The documentary will cover how big companies are transmitting or adopting the new IT for the future and will be filmed on the expo floor between June 7-June 9, 2016, at the Javits Center in New York City, New York. KBS has long been a leader in the development of the broadcasting culture of Korea. As the key public service broadcaster of Korea...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty ...
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will discuss the vast to...