
The importance of Identity and Access Management (IAM) has rapidly evolved in recent years and is continually developing. Initially, IAM was primarily a support for network functions (e.g., multi-factor authentication for VPN/firewalls). However, it has now become a central function in organizations. The vast number of applications, systems, computers, phones, cloud services, and on-premises services, combined with the need to ensure that the right users have access to the right information at the right time, makes IAM a crucial component in an organization's digital landscape.
At the same time, we see increasing security threats and more compliance regulations that must be met. The increased digitalization of society also enhances the significance of IAM.
How should an organization approach the selection of IAM products? Many seek a "silver bullet," a single product that solves all identity and access problems. It can feel convenient to have just one provider. Others adopt a "best-of-breed" strategy, using multiple providers for different IAM needs. Most organizations fall somewhere between these strategies.
Many of the tools used today are still very technical and designed by engineers for engineers. There is a high level of acceptance that tools for managing identities, access, and monitoring are technical. "That's how the tool works," says IT.
A preschool manager in a larger municipality mentioned that they are responsible for granting their colleagues access to a preschool application. They said: "I just go in and look them up by their six-character username, then add them to a security group called kommun-forskolan-vargen-applikation-35461-53223."
I asked: How do you get their usernames?
They responded: I ask them personally.
I asked: Do you know what a security group is?
They replied: No, but IT told me to do it this way.
I asked: Can you see multiple security groups?
They answered: Yes, many, but I don't know what they mean.
I asked: Do you see other menus and data where you make changes?
They responded: Yes, a lot, but I don't know what they mean.
I asked: How do you know you're adding your colleagues to the right security group?
They replied: IT gave me the name, so I always go into that one.
MMy conclusion from this conversation: Build a simple form where the preschool manager can only see who has access to the application. Make it easy for them to find and add people. Use a nomenclature that is understandable for the business, in this case, the preschool manager!
Note that no changes need to be made in the background. Users are still added to the correct security group. The technical complexity is hidden from the business, creating a more efficient and understandable process.
This is just one example of a simple feature that can be added to quickly enhance business efficiency on top of existing infrastructure.
I believe the future of IAM will consist of small solutions that quickly add value by streamlining operations, complementing existing infrastructure. Many "silver bullet" solutions will still need to be supplemented to optimize business efficiency.
Feel free to look at some examples where Fortified ID's solutions have been used to enhance operations, save money och boost new business:
Anders Björk, Senior Sales Engineer IAM, Fortified ID