This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Jericho Forum: Identity and access management need to be separated in the business

Share this article:

There is a need to separate identity from access management and treat the two as separate entities.

Paul Simmonds, former CISO of AstraZeneca and board member of the Jericho Forum, told SC Magazine that with identity and access management (IAM) the main challenge is containing identities within the perimeter as business communications fragment.

He said: “The issue is on the move outside the perimeter, which is driven 100 per cent by business and the IT administrator is playing catch up, as is security. There is a change to operations and extended identity into that environment. It is not access management, it is 'can I do identity and once I do it, can I use it outside the environment and then take all of it and do access management?' These are two separate things and need to be looked at separately.”

He said that the only way to divorce identity and access management is to move access management from a non-username to a claims-based system. “You have to cover multiple identities and you need access by rules and then these people are included in a project and joint venture,” he said.

“To deal with collaboration, you separate identity and access management and have identity that you can claim locally and have access management that will consume identities from multiple sources.

“The future might be collaborating identity, but are you coming in from a corporate or public machine? Can the machine assure that you can produce a secure sandbox for what you are downloading? The rules are more complex when you can prove who you are.”

Talking about why this was an issue now, Simmonds said that as more access is required from outside the perimeter via remote workers and personal devices, identity is crucial.

He said: “There are two reasons why: the time is right and cloud is taking off. You have got to have identity but no one has done the thought leadership on this, but what problem are we trying to solve? Identity goes to the heart of getting things right. Get it wrong and you go to the heart of the company.

“These are fundamental issues at play and we need to find and expose them, as well as look at identity management solutions.”

Approving of this concept was Julian Lovelock, senior director of product marketing at ActivIdentity. He said: “Identity management is setting up an account on system ‘A' and ‘B', but you do not go across systems and what happens when that person leaves? Access management is about setting up access and when a user logs in, how do they know who it is and is it secure. Access management is about security.” 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.