However, in order to get the true value from IAG, it needs to happen at a strategic level that is driven from a top-down approach as well as on a day-to-day basis within IT and business operations.
This is according to Amanda Hechter, managing consultant at Mobius Consulting, who will be presenting on ‘Taking access management beyond tick-box compliance', at the ITWeb Security Summit 2018, to be held from 21 to 25 May at Vodacom World in Midrand.
Speaking of what businesses are doing wrong when it comes to IAG, she says they are placing too much focus on compliance, and not enough focus on how to gain the true value from IAG.
"Moreover, they are not defining clear IAG strategies, not building IAG operating models with a long-term view of sustaining capabilities, and not fully embedding IAG across the organisation."
To reap the benefits of IAG, Hechter says businesses need to clearly define what IAG means for their organisations and what they intend to gain from it. "They need to work with all key role players involved in IAG, seeing this as an organisation-wide problem and opportunity for improvement."When implemented correctly, she says IAG offers real information security control for the protection of information. "IAG also has business-enabling capabilities that ensure the right people have the right access, and most importantly in this case, at the right time."
IAG also offers risk-based access management, so that access management become about managing access based on risk and not just managing access to be compliant, she adds.
Delegates attending Hechter's talk will learn how to build a business case for IAG, and how a high level and holistic approach can ensure the success of IAG implementations. They will also learn about the aspects that need to be considered when implementing IAG solutions.