Corporate information security is increasingly being challenged by today`s expanding mobile workforce. The use of identity and access management (IAM) strategies, however, can go a far way to overcoming this challenge, says Kelvin Adams, Global Security Solutions country manager for Computer Sciences Corporation`s operations in South Africa.
With an ever-increasing number of diverse staff members logging into corporate information technology (IT) systems from a rapidly growing number of locations, the nature of the IT platform in most corporates is becoming progressively more heterogeneous.
"Laptop computers and handheld devices can communicate with corporate systems from anywhere within the office or from the outside using wireless technology, including 3G and Blackberry," says Adams. "It is therefore crucial that enterprise security monitors acknowledge and authorise each user`s right to access specific platforms and applications.
"There is also the threat of hackers accessing corporate systems. Many of these attempts may be pranks, but they also could be acts of industrial espionage or competitive attempts to disrupt operations."
Adams stresses that in using IAM strategies to overcome these problems, it is essential that companies implement them according to specific policies and procedures. "It is only in this way that a company can realise IAM`s full benefits."
For example, successful large-scale IAM implementations must have an executive champion, not from IT, but from senior management.
"IAM is not a strategy that IT management can tackle on its own. IT must educate and advise executive management of its strategic business benefit and solicit the business` support if it is going to successfully protect information over the long-term," Adams states.
One of the first steps in developing an IAM strategy is to determine a working definition of identity that incorporates business, application and IT infrastructure views of identity.
Adams says that as identity management element solutions have been part of the IT infrastructure for many years, implementing a comprehensive solution will involve identifying those systems already in place, and integrating the old and new identity management tools.
"Implementing the technology for identity management is relatively easy. The thorny issue is the politics concerning people and the enterprise. Identity and access management is directly tied to issues of political power groups within the business, the existing information security culture, and attitudes toward issues of trust and risk management.
"The IAM strategy should therefore be implemented and tailored by means of a well-considered change management process that takes these issues into account, but at the same time realises a solution that is in the best interests of the business as a whole."
Adams believes that a sound source of identities will benefit effective identity management deployment. "Many organisations have deployed effective identity management infrastructures for the enterprise, mainly by streamlining directory needs, establishing an effective directory integration strategy and a consolidated authentication strategy.
"Even though such infrastructure is not a prerequisite for deploying IAM solutions, the more complex and unorganised an infrastructure is, the more expensive the IAM initiative is likely to be."
Adams says that an effective IAM deployment cannot occur without some organisational and process changes. "This doesn`t necessarily mean employing more people in the IT department, but it does mean that specialised IAM roles must be put in place. IAM is a critical corporate security service that requires skilled people who keep abreast of technology."
He points out that developing, enforcing and auditing IAM solutions are core elements of compliance projects. Compliance is designed to ensure the right person has the right access to the right applications and systems, as well as making sure that an individual has not violated or attempted to violate his or her assigned access rights.
Adams adds that even though expanding mobile workforces present security challenges, the situation is exacerbated by the demands of regulatory compliance. Here too, IAM products and services can play a critical role in addressing security challenges.
New technologies, in particular expanding mobile technologies, will continue to challenge corporate information security. "While implementing IAM strategies throughout an enterprise may be complex and at times onerous, the huge contribution IAM makes towards protecting corporate information make it well worth the effort," Adams concludes.
Share
CSC offers the South African market a wide range of services, including systems integration, application and infrastructure outsourcing, and business process outsourcing (BPO), as well as financial services solutions.
In South Africa, CSC also provides BPO services to manage the policy processing and administration for US and UK financial services customers, which include banking, short-term insurance, and life and pensions providers.
A leading IT services provider, CSC adds value through its collaborative approach to delivering fast, reliable and flexible solutions. CSC opened its doors in South Africa in November 1999 and today has offices in Johannesburg and Cape Town. For more information, contact (021) 529 6500 or (011) 612 5400.
CSC
Founded in 1959, Computer Sciences Corporation is a leading global IT services company. CSC`s mission is to provide customers in industry and government with solutions crafted to meet their specific challenges and enable them to profit from the advanced use of technology.
With approximately 80 000 employees, CSC provides innovative solutions for customers around the world by applying leading technologies and CSC`s own advanced capabilities. These include systems design and integration; IT and business process outsourcing; applications software development; Web and application hosting; and management consulting. Headquartered in El Segundo, California, CSC reported revenue of $14.6 billion for the 12 months ended 30 December 2005. For more information, visit the company`s Web site at www.csc.com.
Editorial contacts