Video: Identity and Access Management Q1

How do you extend Identity Management across multiple platforms (including Cloud), rather than just on prem?







VIDEO TRANSCRIPT

So we're going to start with the first question, which is: how do you extend identity management across multiple platforms, including cloud, rather than just on-prem?

And we're going to start with Joe.

Absolutely, that's a great question to get started with, and it's really important. When you look at a lot of these applications, it's really important to understand, first of all, the purpose and the risk that you have of those applications, and also the types of identities that are being used and the roles that people are using to access them, whether it be on-premise applications, you know, traditional types of applications, whether it be applications that are sitting on endpoints on the edge, whether it be SaaS-based applications which are being hosted in the cloud, or cloud environments where you're actually hosting your own infrastructure, your own platforms, or your own applications, virtual environments and containers.

So many companies right now, especially this year, have been doing a lot of digital transformation, and there are very few companies that have a single-cloud approach. They end up having a very mixed, hybrid environment: they still have a lot of the traditional on-premise side of things, they're still hosting in data centers, it's partially virtualized, and also across multiple cloud providers, including SaaS applications.

So one of the most important things is that you get into consolidating the access controls. If you're leaving people to go individually into each of those systems, what they're going to be doing is duplicating, replicating and reusing the actual passwords and security controls across all of those systems, meaning when one gets compromised you're actually exposing yourself to major risks across the many. So for organizations it's really important to get really good identity governance, to get something that allows you, across all of those systems, to kind of single-purpose verify the identity of a user. So this really gets into making sure, as they're logging into those systems, that you have a consolidated governance system that allows you to make sure that you actually have visibility into when people log into the systems and how long they're using them, and also what security controls are being applied.

And this gets into a lot of organizations that take a single sign-on approach. But it's important: single sign-on doesn't necessarily enhance the security controls; in effect, it actually allows you to do better provisioning and unprovisioning capabilities. So single sign-on should always be augmented with additional security controls such as identity access governance, multi-factor authentication and privileged access. By taking that approach, it will allow you to get better transparency, visibility and auditability across that multi-hybrid cloud environment that many organizations are facing today.

Brilliant. Okay, over to you, Lorraine.

So my responses today are really going to be from, like, a CISO side in the business, and sort of how the business is seeing it. So, you know, for me it's about looking at an approach that's aligned to your business, your roadmap. You should be having this sort of laid out, and understanding that identity and access management is an iterative process. A lot of people sort of get it, plug it in and off they go. It's not just for Christmas, it's for life. So it's really about making sure that we get these processes and roadmaps aligned to what we're doing: who's there, what are they doing, how do you manage them, and what do they need to do? So it's really about setting those parameters and those statements, and really offering really good governance and maintenance after that.

So I don't believe technology is the solution, or the only solution. We talked about it before, the management and the governance side. I think we have to have good processes, and I think you also have to see that identity is coming from all over the place, so we're seeing it federated around. You said consolidation, but I've looked at it more as: where is my authoritative source? What am I using as that single point of truth, knowing that I've got all these federated areas that are pulling in identity information, and how am I going to use that? I want to ensure that I still have that ethos of one user, one identity, regardless of where they're federating across or utilizing in the system. So hence I've taken as much single sign-on as possible for that process.

But also things like collaboration between HR, IT and the business, right? We don't have any of those people on board, you can run off with IT systems and go and develop in HR, so, but that's not how we provision people; I don't have role-based access, you know, it's just Jimmy's coming in and he's needing this access and the manager's got to create it. So I think you really need to ensure that you've got a roadmap that includes all of the business and the right people within that business, and that it's all aligned and moving at the same time, and that you can actually bring these teams together. User experience is what it's for.

Excellent. All right, Simon.

Yeah, going back to what Joseph said, our first consideration is around the classification of the data, and obviously, depending on the classification, is what controls it and the need to protect that data. So one of the first things I would say is we need a strategy on how we're going to manage identity access management. The question is really around multiple platforms. A number of platforms will have a number of options on how they can do IAM, and it's potentially aligning them so we are all using the same solution. So we go back to that single source of truth, rather than putting multiple platforms in place; they've got multiple different solutions. So we say we're having that strategy so that we all use, "this is our corporate solution, we're going to use this IAM platform", therefore all systems are aligned to it, and therefore you can then integrate any cloud solutions you want to that same solution.

Okay, Ricky.

Thanks, John. Well, I agree with my fellow panelists. The one thing that I think we do need to mention is that there isn't a congruent system at the moment that aligns for every organization. So what we find when we work with clients and customers internationally, designing these systems, is that it's quite higgledy-piggledy. There are lots of multi-cloud platforms, different technologies out there, and the biggest challenge that the customer has is actually getting something that will work with all the environment.

So there are obviously a lot of people involved, so we need to consider the people, and that's quite important. The people are first; they come first in every strategy or technology implementation that's out there, because they're the ones who are going to have to be using it, the admins and the users themselves. The technology, you can make it do whatever the limit of the technology is, depending on what the capability of the technology is. But what I'm saying here is it's really difficult to find the right technology for this particular solution, just because of how spread out it is. If you look at something like Google Cloud or Microsoft cloud or AWS, there are just quite a few things that are quite spread out, and to make it all work together is quite challenging. There are vendors out there that do have a very good way of making IAM work, but it does take a lot of implementing, let's just put it that way.

And then you've got the processes that people tend not to follow very well, so that means that they could come in from anywhere and then bypass your IAM solution. So you do need to have that focus centrally, so that your applications and the stuff you're trying to protect are behind your IAM solution and there aren't any holes and leakage. So my final answer is: it's with difficulty. It's not easy stuff to do when you say how.

I think we can all agree on that one. Okay, excellent, so that's one question down.