The pace at which technology has changed in the past 5 years, together with the introduction of disruptive trends, has made most existing solutions obsolete or very soon to be obsolete. Organizations have lately started taking security and data seriously, and Identity and Access Management (IAM) as a technology has received a lot of attention because of its efficiency, compliance requirements, cost savings and minimal human intervention. IAM has grown from a good-to-have feature in the technology landscape to the most sought-after requirement. Organizations have moved away from home-grown IAM solutions to professional vendors and suppliers to implement it.
But IAM as a technology has grown in the security landscape. We have seen many disruptive trends emerging, especially BYOD (Bring Your Own Device), IoT (Internet of Things) and wearables. Organizations now have to adopt these trends sooner or later, as it is happening in the cloud computing space, and there will be a change in IAM implementation strategy as well.
Vendors will come up with new solutions within the existing IAM suite; some vendors have already started tapping the BYOD market. BYOD empowers an employee to work from anywhere and results in high employee satisfaction and a better work-life balance. But at the same time it puts a lot of confidential data at risk if not handled properly. An organization needs to carry out careful due diligence before implementing BYOD. It needs to decide carefully which sections of the workforce will be allowed to use this facility, and to what extent. An error in handling can have catastrophic effects on the trust, security and capability of the organization and can finally end in a lawsuit. BYOD comes with its own share of risk, as the organization loses control over the IT hardware and how it is used. Organizations have to be adept at not interfering between the personal and professional data of the employee. Company-used IT comes with an acceptable use policy and is protected by company-issued security that is managed by the IT department, but it is tricky to implement the same acceptable use policy on an employee's personal device.
Make sure you have a clearly defined policy for BYOD that outlines the rules of engagement and states up front what the expectations are. You should define minimum security requirements, or even mandate company-sanctioned security tools as a condition for allowing personal devices to connect to company data and network resources.
There is also an issue of compliance and ownership when it comes to data. Businesses that fall under compliance mandates such as PCI DSS, HIPAA, or GLBA have certain requirements related to information security and safeguarding specific data. Those rules still must be followed even if the data is on a laptop owned by an employee.
In the event that a worker is let go, or leaves the company of their own accord, segregating and retrieving company data can be a problem. Obviously, the company will want its data, and there should be a policy in place that governs how that data will be retrieved from the personal laptop and/or smartphone. The IT department should be able to remotely wipe the data in case of theft or loss of the device.
As of today, some IAM vendors have plugins for mobile apps and social. The majority of applications are still web based, but mobile penetration and the user base are increasing, and people have comfortably accepted apps as a replacement for web-based solutions. Soon organizations will have to move to apps to give customers a better user experience and an on-the-go solution, and a great shift in the focus of the implementation strategy of IAM solutions will follow. The challenge in implementing and integrating applications is that the devices available in the market run many different flavors and versions of operating systems. One of the most used mobile operating systems is open and can be vulnerable because you can write your own custom code and embed it. As we know, some hobbyists always root their phones to get into the black box and tweak the standard settings of the operating system. This can be good for the individual user experience, as it gives more control over the device, but it comes with security risks that can be disastrous if someone chooses that very device for professional purposes. So, as mentioned earlier, organizations have to come up with their own set of rules, which needs to be the guiding light for BYOD adoption.
The same thing will happen in the case of IoT and wearables. Imagine a day when you will have the ability to reboot the servers or read the logs on your wearable, and in real time too, while you are on the move or having coffee in Starbucks. Very soon, I believe, standardization of these technologies will happen and they will come under one umbrella and have global do's and don'ts, and it will be a win-win situation for everyone, starting from the consumers to the organizations and the vendors.
Authored by Vikash Singh