The Solution & Key Considerations
Traditionally, everything inside the network perimeter was trusted by default. Today, identity management in tandem with the zero trust methodology requires more granular configuration policies. This adjustment eliminates inherent trust and shifts security controls to where the user accesses resources based on their digital identity.
Identity management enables organizations to manage risks and establish trust by continuously assessing user identities and devices and their behaviors and contexts. Gartner predicts, “by 2024, 30% of large enterprises will newly implement identity-proofing tools to address common weaknesses in workforce identity life cycle processes.” Identity-proofing tools aid in verifying users based on historical data derived from public and proprietary sources, such as transaction history. Gartner further suggests that, “identity proofing and affirmation capabilities can add value in other ways, providing alternatives to orthodox, credential-based methods for workforce authentication.”
Implementing or amending an identity management program is a challenging but very rewarding project. Before taking the leap, organizations must first assess where to start by addressing their current state, then strategically identifying their desired target.
Leaders should account for the following factors when reviewing their current state and desired future state:
Obtaining stakeholder support and engagement is imperative for any project, including identity management. IT leaders must consider multiple stakeholder viewpoints before constructing an identity management strategy. Stakeholders may not recognize the impact that an identity management project may have on their functional business areas. They may also have conflicting needs or unrealistic expectations.
As security leaders attempt to replace incumbent identity management solutions, they must first assess current security policies. Leaders should ensure that security policies allow for operational scalability across user identities, workloads, and devices.
Security leaders should assess current security controls to identify gaps that address current and emerging threats. Security controls should enable the optimization of security funding and address your organization’s risk landscape.
Many organizations implement security programs based on compliance requirements. Leaders should consider their organization’s risk appetite in mapping out an identity management roadmap. As many organizations’ security postures have evolved since the beginning of the COVID-19 pandemic, it is likely that their risk tolerance has also changed.
Security leaders continue to seek a secure environment, but their desires are not always within reach due to budget constraints. Organizations need to balance risk reduction and available budget in procuring solutions that are the best fit for their security model.
Continue reading more considerations >>
IT and security teams continuously iterate on their current approaches to a secure environment. When embarking on an identity management project, it’s imperative to identify in-flight or planned initiatives that may introduce conflict or hinder productivity for project teams.
With the migration to cloud services and many organizations conducting business within a hybrid environment, security leaders should assess their workload footprint. Implementing an identity management program that addresses data centers and cloud footprints aids in seamless identity management integration.
When introducing an improved identity management program to your environment, you should consider current applications that may not play well with newer identity protocols or policies. Security should have a conversation with the business around whether the best approach is to accept the risk posed by the legacy apps in their portfolio, or to plan to migrate those applications.
Identity management program owners should consider network and perimeter communication and visibility capabilities to ensure smooth implementation. As identity management in line with zero trust relies on granular security controls and network microsegmentation approaches, it is imperative to ensure that network components can properly work together.
1 Burke, et al. 2 2 Khan et al. 2 3 Khan, et al. 8