How do I ensure that the employees of my organization are accessing the right resource with the right level of security?
I’ve been talking about the challenges of how to secure enterprise assets and data since taking up my new role as CISO. My next task in my new role was to look at IAM (Information Access Management) within the business.
I was inclined to put more stringent information access controls in place, and to place a greater onus on user verification. But more barriers can have a negative impact on the customer experience.
So, I spoke with Peter, my Head of Compliance. Peter sets the access and governance policies for the company. With ultimate accountability for IAM, Peter’s responsibilities have become more complex recently. In fact, the increasing number of ways that people can access information as a result of device proliferation and trends like BYOD have made Peter’s life extremely challenging.
Following an internal policy review, Peter and I mapped out ways to give the right people the right access to the right information quickly and securely. The quality of the end-user experience was a priority.
We liked the idea of deploying an onsite IAM solution. But Peter felt this would be costly and challenging from an HR perspective. The ROI would also be difficult to prove. We needed a completely new approach.
That’s when I introduced Peter to Capgemini. They were speaking at a compliance event, and we attended a session on their Identity and Access Management as a Service (IDaaS) offer. Peter was impressed by the deployment speed of this service. He was also attracted by its scalability, which he felt would be cost-effective and help diminish risk. So we commissioned IDaaS soon afterward.
For the first time in a long time, Peter now feels like his job might actually be getting simpler!