Adaptive identities coming to forefront of security: RSA: Page 2 of 2
By Gabey Goh June 10, 2013
Key to deploying new locks
Manoj said that IT departments were agreeable to using IAM as a software-as-a-service (SaaS) offering hosted by RSA as they had too many challenges with legacy infrastructure and systems to consider an on-premise deployment.
“Then the discussion becomes about how to make things simpler for their business users, and with more applications and workloads being moved to the cloud, it reaches a tipping point where they protect more stuff outside their environment, so it makes sense to do the same with IAM,” he added.
However, IT departments traditionally dictate security protocols and measures almost independently of an organisation’s other divisions, making it a very one-way imperative.
With the rising importance of IAM and consequently more granular controls and customisation required with individual employees or departments, increasing collaboration by IT departments with other areas of the business becomes crucial for a successful deployment.
When asked for his thoughts, Manoj agreed that the collaborative aspect of IAM implementation was important.
“It’s about adaptive management, about bringing the business user and business context into the discussion. The onus is on IT to make it part of the workflow, and to demonstrate to the CEO that such measures would better enable added business value,” he said.
“For example, by demonstrating how a dynamic IAM solution can aid in meeting demands of compliance and audit, and allow employees to work freely with less risk and incidences of fraud,” he added.
Making IAM easy to use and simple for end-users is another key factor for successful implementation. While end-user authentication tools such as physical tokens, random password generators and biometric authentication could be deployed (perhaps to the chagrin of the end-user), Manoj noted that in today’s interconnected world, the enterprise no longer controls the employee.
“The answer is to let users take ownership of their identity. The first step is to build a high assurance digital profile and then give the user control and choice. But simplicity is the key: How do you make it a seamless experience?” he said.
“Why does the traditional username and password login still persist? Because it’s intuitive and the user feels it is easy,” he said.
Manoj also said the real task lies in adding passive inputs to lower the number of user input steps for authentication.
“It’s about leveraging behavioural insights derived from big data analytics to intelligently assess a user’s risk of compromise. For example, if a user logs on at the same time every day from the same IP address from a mobile device from outside the network, and accesses the same workloads or applications, the system will recognise that pattern and assign a lower risk score,” he said.
When asked about the preparedness of enterprises globally to shift to such an intelligence-driven IAM strategy, Manoj noted that newer enterprises, especially in emerging countries, are leapfrogging and have a higher willingness to adopt.
“New enterprises see the benefits of IAM and the rationale is, why build cumbersome infrastructure when you can go direct to next-generation identity management?” he said.
Manoj added that he expects the next 12 to 18 months to be the start of a tipping point, with growing companies getting aggressive in finding and adopting solutions such as identity management as a service. Conversely, on the other end of the scale, established large corporations which have attempted to build everything internally but failed will start looking into external services.
Gartner's estimate of revenue across all segments of the authentication market for 2012 remains approximately US$2 billion, but the firm believes it to be a conservative estimate due to lack of revenue data and because of the "long tail" of the approximately 200 authentication vendors not included in its research.
“We estimate the overall customer growth in the market to be approximately 30% year over year. Because of the continued shift toward lower-cost authentication solutions, we estimate the overall revenue growth to be approximately only 15%,” the report stated.
To read the Gartner Magic Quadrant for User Authentication 2013 report in full, click here.
Gabey Goh reports from RSA Conference Asia Pacific in Singapore at the invitation of RSA.