In the world of security and identity management, I believe that identity relationship management (IRM) is going to be the next wave of technology to addresses the ever-evolving identity needs for an Internet and cloud-connected world. IRM addresses several of the thorny technical issues that have been introduced by the rapid adoption of cloud, including scalability and contending with a growing number of technology environments and geographic locations. However, before organizations can truly embrace the power of IRM, there needs to be a shift in the mindset of CIOs and CSOs.
IAM: Time for a new Mindset
At its core, identity and access management (IAM) is about security and protection of the enterprise – who has access to the IP and company resources and from where can this information be accessed. In the traditional IAM world, only on-premises access was required. But, this is all changing—with the shift to cloud, mobile, SaaS and the Internet of Things, enterprises cannot be very restrictive in their access. If they are, they will lose out on building and expanding relationships with employees, customers and partners. Instead of being the head of the army protecting a fort, CIOs need to rethink their goals and figure out how they can help enable business, not just protect them.
Identity has traditionally been a boring, albeit necessary, infrastructure component, but I think it’s time to break out of that! The truth is, in a world where we want stakeholders to have access to information anywhere at anytime, identity goes beyond simply protecting your walls. The business value of identity will go up by leaps and bounds as enterprises provide access to their customers and partners. It is the CIOs, however, who will lead this charge because CIOs are most familiar with IAM systems and will understand how best to alter them to match this new reality. The faster and easier it is for companies to build relationships that are agnostic of the type or number of devices, the easier it will be to drive quick adoption of services – new and old.
IAM to IRM
Traditional IAM systems are heavy, complex and lack flexibility – built for a closed, on-premises environment. Now that identity needs to be implemented off premises – on the Web, cloud applications, SaaS – agility and flexibility are critical. The new level of scalability will also be very different and organizations will need to be conscious of costs, as they can quickly get out of hand with the exponential increase in users that the cloud can introduce. When a company is rapidly increasing its user base and broadening access to services through the cloud, the last thing CIOs want to worry about is whether access is easy and convenient. As a result, a good IRM solution can give CIOs a huge edge over the competition as they look to leverage these new technologies to drive revenue and grow business.
So before CIOs get ready to spend millions of dollars to securely manage these business-critical relationships, they need to reevaluate their identity system. There may be capabilities that haven’t been thought about just yet and could be the key to helping build a company’s business, enabling IT teams to quickly deploy new services and allowing employees, customers and partners to access them from anywhere. Maybe it’s time for CIOs to step out of the board room and into their IT security department and have a conversation – it’s a whole new world, and it’s time for a whole new approach.
Daniel Raskin | www.forgerock.com | @raskindp
Bio: Daniel is currently VP of marketing at ForgeRock and has more than 15 years of experience building brands and driving product leadership. Prior to joining ForgeRock, he served as chief identity strategist at Sun Microsystems. Daniel has also held leadership positions at McGraw-Hill, NComputing, Barnes & Noble and Agari. He holds a master’s degree in international management from Thunderbird School of Global Management and a master’s degree in publishing from Pace University.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.