This is the second in a series of blogs around the IDC infobrief: ‘Harnessing Identity to Position Security as a Business Enabler’. This infobrief details the perception and challenges of Security leaders and provides guidance on how to positively influence security perceptions, turn challenges arising out of digital transformation into opportunities and, finally, how best to engage the board. The infobrief can be downloaded below.
In my previous blog the topic was user experience and how crucial it is to adoption of security solutions. When you pull back the curtain, there are many elements that must seamlessly combine to deliver the required, and expected, user experience. One such element is scaling.
Digital transformation (DX) is top of the agenda for many organisations, and while many employees will associate this transformation with consolidation and upgrades, it almost always includes immediate expansion, or at the very least, future proofing for expansion in certain areas, such as the management of employees accessing business resources. Allowing employee access to business resources is vital to them adding value to the business, but the evolution of what they need access to, and where they need access from, has changed rapidly in the past 10 years.
Going from a “behind the desk” employee to a “mobile worker” places huge demands on the business. Some things are relatively straight forward to solve, like greater and faster connectivity speed, but others are more complex like using hybrid infrastructure to manage business critical applications. The blend of applications and services that employees need access to so they can add value to the business may not now sit entirely in the comms room at the end of the hall, or even in the local data centre. Some services may not be known to the business at all (Shadow-IT). It’s the role of IT to ensure that the end user never needs to be aware of this complexity, and it’s the role of the security team to ensure that this complex infrastructure and landscape of applications can be accessed in a secure, uniform manner.
Unfortunately, as we see from the infobrief from IDC, many of these transformation projects are happening and security isn’t always involved or aware. The result being that when security is brought in – sometimes after the project is launched, sometimes after a security breach – the new solution will need to be re-engineered to ensure that access to the business resources is done so in a way that does not put the business at risk. This re-engineering can impact the user experience, particularly if it is completed in a reactive manner.
Transformation of business resources of any kind should ideally be undertaken when security is involved from the very start; transformation must be secure by design – that should be the default position. The infobrief, which can be downloaded below, details why Managing Identity at Digital Scale to Enable DX is a key driver that security teams can leverage to get themselves back to the table where plans are being discussed and solutions are being brainstormed. (This is the second of five Identity Drivers, with Optimised User / Customer Experience being the first.)
The Managing Identity at Digital Scale to Enable DX driver section of the infobrief identifies four ways by which security can not only be involved in transformation projects, but also add significant credibility to the work being done. One such way is to support mobile strategies and position how Identity and Access Management (IAM) solutions can deliver at scale and meet user experience expectations. The right combination of Single Sign-On (SSO), EPM (Enterprise Password Management) and MFA (Multifactor Authentication) will be unique to each business.It’s the blend of these IAM services that will enable the business to scale securely.
In addition, effort is required on the side of the security leaders to be proactive and detail the value they can add so they are considered a business enabler and not a blocker, further elevating their voice through the organisation and up to the board.
Download the IDC Infobrief that details all five Identity Drivers, along with challenges that security teams face, how security teams are perceived, and how to talk the same language as the board.