Over the last few years there has been growing acceptance of the need for digital transformation. Yet the term digital transformation covers many different ideas and technologies, depending on your perspective. It ranges from the adoption of digital photography, printing and camera technology that saw the traditional film and camera businesses drop by the wayside, to the rapid emergence of the Internet of Things that underpins smart metering, connected cars and the foundational infrastructure for many of the consumer services that power modern life.
Burning Tree is focussed on investigating the enterprise value that can be gained by leveraging the rapid and inventive adoption of cloud, DevOps, containerisation and virtualisation technologies (to name a few); how they can positively impact and accelerate the transformation of core business activities, processes, competencies and models, while also ensuring that the key tenets of good governance and security are maintained. This can be a difficult balancing act.
The huge value in simplification of service delivery, reduced infrastructure costs and radically reduced time to market is massively compelling, and almost every client is undertaking or building a digital transformation strategy in some form or other.
The need to scale hardware to meet peak performance or high availability targets, if managed correctly, can be largely removed. Why not let the service provider worry about the infrastructure?
Similarly, many organisations want to be more agile, using DevOps and container technologies to significantly reduce application delivery timescales. Many organisations have aspirations to reduce new product development and launch times from 18 months down to seven days. This is a major step forward and can be massively beneficial to the business.
While we all hate the idea that the security team is the group that always says “no”, it does fall to us to look at how this very exciting and potentially game-changing technology impacts on security and corporate risk. The area that is currently of particular interest is how next generation Identity and Access Management (IAM) is achieved in this brave new world.
Digital transformation and identity & access management
Right at the heart of successful digital transformation programmes is a well-defined and structured information security plan.
Within this, IAM is the most significant control in protecting information, revenue and business delivery. However, while IAM is a key component of digital success when relying on a digital profile or identity to transact, it is an area that often gets overlooked until late in many digital transformation programmes.
Considering how important IAM is for protecting business assets and revenues, it should be factored in much earlier in the digital transformation process. Here are five key components of IAM in digital transformation. If you're about to embark on a transformation programme, address them now!
Important components of IAM in digital transformation:
1. Authentication method – Must be easy to use, including single sign-on between different sites, and allow for step-up authentication for high-risk transactions; strong passwords are advisable.
2. Identity management – Know your customer and ensure that you have a global unique identifier that allows a consistent delivery of service across all environments. Ensure that internal users are managed through their lifecycle with good and simple joiner, mover and leaver processes.
3. Digital rights management – Make sure that digital content (books, video, music, games, etc.) is protected from piracy and theft.
4. Privileged account management – Protect against the insider threat and make sure that abuse, misuse and mistakes are minimised.
5. Compliance – Consider the impacts of privacy law (consider de-duplication and de-identification), PCI DSS, Sarbanes-Oxley and other regional or industry regulations.
Identity management also needs to balance security with friction-free user journeys. Whether it's a customer buying goods or services online, or an employee accessing sensitive data on internal systems, these processes need to protect the user and the business, but also ensure there are no barriers to use.
Contributed by Des Powley, Burning Tree
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.