This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Jericho Forum: Identity and access management need to be separated in the business

Share this article:

There is a need to separate identity from access management and treat the two as separate entities.

Paul Simmonds, former CISO of AstraZeneca and board member of the Jericho Forum, told SC Magazine that with identity and access management (IAM) the main challenge is containing identities within the perimeter as business communications fragment.

He said: “The issue is on the move outside the perimeter, which is driven 100 per cent by business and the IT administrator is playing catch up, as is security. There is a change to operations and extended identity into that environment. It is not access management, it is 'can I do identity and once I do it, can I use it outside the environment and then take all of it and do access management?' These are two separate things and need to be looked at separately.”

He said that the only way to divorce identity and access management is to move access management from a non-username to a claims-based system. “You have to cover multiple identities and you need access by rules and then these people are included in a project and joint venture,” he said.

“To deal with collaboration, you separate identity and access management and have identity that you can claim locally and have access management that will consume identities from multiple sources.

“The future might be collaborating identity, but are you coming in from a corporate or public machine? Can the machine assure that you can produce a secure sandbox for what you are downloading? The rules are more complex when you can prove who you are.”

Talking about why this was an issue now, Simmonds said that as more access is required from outside the perimeter via remote workers and personal devices, identity is crucial.

He said: “There are two reasons why: the time is right and cloud is taking off. You have got to have identity but no one has done the thought leadership on this, but what problem are we trying to solve? Identity goes to the heart of getting things right. Get it wrong and you go to the heart of the company.

“These are fundamental issues at play and we need to find and expose them, as well as look at identity management solutions.”

Approving of this concept was Julian Lovelock, senior director of product marketing at ActivIdentity. He said: “Identity management is setting up an account on system ‘A' and ‘B', but you do not go across systems and what happens when that person leaves? Access management is about setting up access and when a user logs in, how do they know who it is and is it secure. Access management is about security.” 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

New Androids will encrypt your data just like iPhones

New Androids will encrypt your data just like ...

Google has promised that the next generation of Android phones will automatically encrypt data - preventing police and other agencies snooping on their users.

Russian cyber attack exploits Scottish independence vote

Russian cyber attack exploits Scottish independence vote

UK oil firms warned to guard against new campaign as Russian malware exploits Scottish independende vote.

Card and banking fraud back on the rise again

Card and banking fraud back on the rise ...

Banking and card fraud back on the rise again says the FFA UK as crime increasingly moves online.