Since the start of the COVID-19 pandemic, identity management has taken center stage as the key enterprise security practice for enabling remote workforces while protecting company data and IT services. Though much of the media hype has focused on evolving technologies in enterprise identity and access management (IAM)—such as enabling passwordless and multifactor authentication—it is often overlooked that identity governance and administration (IGA) is experiencing its own renaissance not only due to pandemic-related access requirements, but also in support of recently-enacted compliance regulations, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Five Key Identity Governance Features That Your Identity and Access Management Solution Does NOT Support
Identity and access management (IAM) has been an integral part of IT since the early days of computing. Foundational to the security of IT resources is the need to identify who may access them, and placing limits on what they can do with them. Since these requirements were principally established to support internal business processes, IAM practices and technologies evolved to specifically support business employees. Following the introduction of the internet, however, new security challenges evolved in support of ecommerce. Rather than having to support a limited number of employees, businesses now must ensure the secure delivery of digital engagements with an expansive range of customers and marketing prospects. These challenges greatly accelerated over the last two decades due to the rise in popularity of consumer-focused cloud services and increasing user mobility.
One-half of one second—that is how brief of a time-span it seemingly can take for a business to lose a customer. Gaining and retaining consumer attention is something of a nuanced art form and science that can be completely undone by an easily misplaced word or a cumbersome process. Businesses frequently lose customers not because they have an inferior product or service but simply because, for some reason, the customers had a brief negative experience. While it is impossible to control what customers are thinking and feeling at any given time, it is clear that many of these negative impressions are self-inflicted by businesses that fail to create welcoming environments. Unfortunately, many organizations find it difficult to adopt CIAM approaches that enable favorable consumer experiences without violating security requirements. After all, the primary purpose of CIAM is to protect a business’s intellectual property, secure private customer information, and prevent account misuse or fraud.
When regional stay-at-home orders in response to the COVID-19 pandemic were first issued in early 2020, the general expectation was that societal changes would only be temporary. As people hunkered down in homes around the world, they expressed a collective confidence that life would eventually (perhaps after only a few weeks) return to normal. Over time, the realization that the pandemic has, in many ways, changed the world forever has slowly been gaining acceptance. Of course, it seems likely that at some point medical science will discover the means to control and perhaps even eradicate the illness, and eventually people will feel free to emerge from their homes. However, many of the fundamental changes to day-to-day activities and lifestyles that have been adopted are likely to persist well into the future.
EMA recently published primary research on the topic of “Adopting Effective Solutions in Endpoint Detection and Response,” which included a detailed comparison of two of the most popular platforms on the market today: Tanium and 1E Tachyon. Put simply, Endpoint Detection and Response (EDR) solutions represent a classification of management tools designed to proactively provide the holistic visibility and rapid automation necessary to respond to endpoint security threats and administration requirements in real-time. The purpose of the evaluation was to provide an example of how to conduct a side-by-side comparison of EDR solutions in order to determine the optimal platform for meeting current endpoint management requirements.
Unified Endpoint Management: Bringing Multi-Device Support to the Next Generation of Business Professionals
It’s hard to believe there was actually a time before mobile devices. It wasn’t even all that long ago. In fact, this month Apple is celebrating the 10th anniversary of the iPhone. While the iPhone was not the first smartphone, its introduction is credited with kick-starting the mobile revolution and initiating the “consumerization of IT,” forever changing how technology is developed, marketed, and utilized in business environments. In trying to relate these historical milestones to Millennials, I find myself more and more sounding like a crotchety old man: “Back in my day, we only had PCs—and we were glad to have ‘em, too!” Today, three-quarters of all business workers regularly use mobile devices to perform job tasks, so my nostalgic recollections of PC-only business environments are increasingly falling on disinterested ears.
An unfortunate side effect of maintaining a vibrant technology subculture is an over-reliance on acronyms to describe basic concepts and solutions. For instance, to be ITIL compliant a CTO may need to invoke the ARP of a TCP or UDP IPv6 WAN to determine the DNS entry of an SMTP server for a POS system to prevent GIGO and ensure WYSIWYG. Now, if you understood that statement, you are certainly among the lucky few “in the know” and probably use these terms on a regular basis. However, if you are unfamiliar with or had to look up any of those terms, you likely recognize the core problem. While acronyms are intended to simplify complex technical conversations, they actually impede successful communication if any participants are unaware of their meaning. Sometimes acronyms are introduced to shorten long-winded technobabble; sometimes they are developed as marketing devices to create unique sounding products; and often they evolve simply because they make techno-elitists sound more knowledgeable.
(With apologies to Jeff Foxworthy) You might be an Apple user if…
The primary function of enterprise IT management is to empower end users with access to technology resources that will boost their productivity and job performance. However, this focus is at odds with the core precepts of IT security which are adopted to minimize the exposure of enterprise systems, applications, and data. I recall that in a number of IT operations management adventures throughout my career, I often joked with colleagues that the most effective way to create a secure environment is to simply shut down all computers in the data center. Naturally, management executives dependent on the IT infrastructure to generate revenue were not amused by my flippancy…and even less happy that their workers had to “jump through hoops” to gain access to IT resources.