Incepta Solutions is proud to be a sponsor and speaker at the CIS (Cybersecurity & Identity) Summit 2021 hosted by IN-SEC-M!
The Cybersecurity & Identity Summit (CIS) is an essential event for the Technology industry, providing leading-edge insight into cyber risk prevention and digital identity management. CIS is a forum designed to encourage business leaders and government policymakers to share ideas and concerns about cybersecurity, digital identity, and data protection with industry experts.
The virtual event is on April 26 – April 30, 2021. Our lead #InceptaInnovators will also be spearheading a 20-minute thought leadership fireside chat on cybersecurity, identity, and how Incepta Solutions have played a key role in the cybersecurity strategy of businesses with a global presence.
CIS Summit 2021
Presentation Topic: Best practices to implement Identity and Access Management for corporate IT projects
Date and time: Thursday, April 29, 2021, 11:00 AM – 11:20 AM (Eastern Daylight Time)
Session description:
In a world where digital transformation is accelerating among corporations, identity and access management has increasingly become an integral part of all transformation initiatives. Without having a proper strategy to integrate identity and access management in projects, corporations face the risk of exposing private and sensitive data to unintended audiences.
Attend this session to learn about industry-leading best practices to successfully implement identity and access management for your next IT project.
Speakers:
Ishtiaq Ahmed (Managing Partner, Incepta Solutions) x Rick Bolt (Director of Sales, Incepta Solutions)
____________________UPDATE_____________________________________
Session Transcript
Hello everyone! Welcome to our live fireside chat, “Best practices to implement Identity and Access Management for corporate IT projects.”
I’m Rick Bolt, Director of Sales at Incepta Solutions. And how this session will run is that I’ll be interviewing our Managing Partner, Ishtiaq Ahmed, on this important topic within the corporate security domain.
Although I’ve worked with our clients in numerous projects involving identity and access management, we will keep it more of an engaging Q&A style for our audience.
We see that the session attendees are coming from a variety of backgrounds so let’s start with the foundations.
Q1: My first question is, would you be able to share with us what exactly is identity and access management (IAM)?
Identity and Access Management is about defining unique IDs, roles, and privileges of network entities in an enterprise when it comes to accessing corporate applications and data.
An entity can be a user such as an employee, customer, partner, vendor, or it can be a device such as a cell phone, workstation, or another application.
The goal of identity and access management is to have a unique digital identity per entity and have it managed during the lifetime of the entity in the corporation.
Q2: Great, thanks for setting the stage for our audience! Now, what is the importance of having an identity and access management component in corporate IT projects?
As we all may know at this point, a data breach is one of the major risks that corporations face every single day. Improper use of identity and access management may result in a data breach or cyber fraud that typically costs north of 4 million dollars per incident for a large corporation.
This is why it is critical to have an identity and access management component in every corporate IT project that deals with sensitive corporate data.
It can be financial data, employee data, or customer data.
It is critical that the project gives proper attention to ensure data is exposed to the right entity, whether it is a person or another internal or partner system. If we reflect on our current situation, COVID-19 has emphasized that it’s even more important to have an identity and access management planning for corporate projects.
Here are some quick stats. According to a recent report by Gartner and Forrester, 70% of CIOs have mentioned that strengthening identity and access management is one of the key areas they will be spending budget over the next 12 months. So to tie it all together, it would be wise to have a proper identity and access management strategy for every project that will be rolled out in a corporation.
Q3: Definitely see the importance of having a concrete identity and access management strategy. What should corporations do from an identity and access management standpoint when implementing a project that involves access to their internal systems and data?
Let’s dive deeper into this, Rick.
On average, large corporations use more than 1,100 systems to run their business. You can imagine how critical it is to have a planned approach in managing identity and access and have them become a key part of every relevant project.
I have put together a slide here to show a maturity model that can be adopted by businesses.
This is an incremental approach that starts with the persistence layer.
The layer that will act as the master source of truth for all identity and access-related data. User profiles, passwords, user roles, policies, etc are some examples of identity and access data. On top of that – businesses should unify the platform as much as possible – consolidation, and less diversification would be the guiding principle here. Companies can adopt an all-cloud approach or a hybrid approach.
Above this layer is the product layer. Often companies are using commercial off-the-shelf products to do their identity and access management needs. Big players like Oracle, IBM, and Broadcom have products in this area – just to name a few.
On top of this layer is the API layer. This is very critical to expose all identity and access management-related capabilities as reusable building blocks. This will allow corporations to have the agility to integrate identity and access management faster in the project.
We also recommend using an API Manager and an integration platform on top to externalize security and performance measures around identity and access management APIs. We use products like MuleSoft and Azure Logic Apps to provide this functionality.
Q4. It sounds like there’s a number of layers involved. What’s the level of difficulty to making sure identity and access management are addressed in every project?
Yup, that’s a good question. What we often see is that corporations keep identity and access management as an afterthought.
They realize late in the game that this particular piece of the puzzle was not addressed from the get-go.
As a result, we see that the original timeline and budget become impacted. The right design is not in place and the project team rushes to do something quick at the last minute.
We also see that corporations often get overwhelmed by the extent of the investment they need to make to have a mature identity and access management platform.
At Incepta Solutions, we have a comprehensive project delivery process that addresses all these issues in a methodical approach.
We work closely with the IT and business sponsor to define the most optimized solution to not only deliver the immediate need but to also ensure that they are making the right step towards their target state platform.
Q5: Now, we saved the best for last. I’m sure our audience is also curious to know: Can you share a success story on implementing identity and access management?
We have done many projects where we had to take care of identity and access management pieces. We not only deliver a solution that has identity and access management embedded, we also advise customers.
As a solution provider, our goal is to become an innovation partner with our clients. We work together to define a roadmap for their identity and access management journey.
We help them distribute the cost of having a mature identity and access management platform over capital budgets.
For one of our customers who is a global beverage company, we walked together to build their identity and access management maturity model.
Right now, we are in a situation where all of their identity and access management capabilities are exposed as nimble APIs.
For every project we do with them, we can easily take care of the identity and access management with little effort and cost to the project.
