'With Workforce Mobility There Is Greater Need For IAM'

IAM (Identity and Access Management) has become a core element of the security infrastructure within any organisation. It is not only viewed as a security enhancer but also as a business enabler. Shree Parthasarathy, director, Deloitte, and Manish Malhotra, director and country head-Software, Sun Microsystems, in conversation with Biztech2.0, talk about how IAM impacts various facets of a business and its growing importance in the corporate domain.

How can IAM implementations be made easy as they generally touch all business processes and users?

SP: If it is looked upon as a technology deterrent then it is a wrong perspective and difficult to overcome. However, if you look at it as a business enabler to streamline processes, it assumes a very important role. In today’s environment, there are too many administrative and operating silos. IAM can integrate those silos. For example, when it comes to user management, one can determine how long it takes to give an employee access to a certain application. Today, companies, rather than trying to grow organically, are growing through mergers and acquisitions. The challenge here is to integrate the new company into the existing environment and see how fast employees can get access to applications.

More from Biztech

Future Group - Reliance Retail Deal approved by CCI RBI ban on cryptocurrencies takes effect; prohibition could force investors to tap the black market

How can IAM make a mobile workforce more effective?

SP: The world is flat today and it is not merely employees, who access in-house applications, but also partners, suppliers etc who may be located anywhere. Based on their relationship with the organisation, they have to be provided access to certain applications in the organisation. From a mobile perspective, anybody can request access; however the request has to go through a proper workflow mechanism for review and approval. One person can have multiple relationships with the company and accordingly he may want access to applications. Thus, IAM is important for the protection of core infrastructure.

MM: There is a greater need for IAM today as more and more companies now have a workforce that is mobile. Now, access is not just a function of who you are, but involves where you are coming from and what levels of clearances you have. The problem with managing identities and associated metadata becomes more significant because the workforce is mobile. Technology has actually moved to that point where it can satisfy our requirements. If the workforce is mobile, there is a business need to support them.

How do you see IAM evolving in different environments like Linux, Windows etc?

SP: Over the past seven to eight years, IAM has moved from niche vendors providing proprietary products to enterprise vendors providing entire suites of products. It does not matter whether the underlying infrastructure is UNIX or Windows. The tool can be looked on as middleware, which can integrate with any OS.

How can IAM solutions address security concerns in a virtual environment?

SP: A virtual environment is about non-repudiation. One of the things that Deloitte does is upfront analysis i.e. taking the entire information flow into consideration. Upfront mapping of information is done and access is accordingly given to different factions in the overall information flow. For example, in the financial system, approving who will get access to which information is determined through upfront analysis.

What is your view on IAM being heavily provided as a service?

MM: IAM is not just a technology, it is being provided as a service also. As a hosted model, it definitely holds potential. However, it will be available in both formats and there will not be a complete shift to the hosted model. SaaS, however, has the potential to bring about a paradigm shift in the entire market, where customers want to leverage shared infrastructure. The complexity of the environment, the installed base of users and the need to provide enablement within constraints will influence the decision of organisations regarding the model of service. In dynamic environments, there is a greater propensity for changes to take place while it is less so in an SMB kind of environment.

What do you think are the main drivers for IAM during the current times of slowdown?

SP: There are about 10-15 enablers and drivers of IAM. The main focus though is on compliance, information security and risk management. These are imperatives whether in a down economy or an up economy. The other elements to typically look at are process improvement, cost containment etc.