Choosing an Identity & Access Management (IAM) Solution? Top 10 Questions to Ask

With rampant job lossesOpens a new window and remote working becoming a norm in the face of COVID-19, there is a greater need for companies to ensure data security. Combine this with growing security threats and it is hardly surprising that more and more enterprises are opting for Identity and Access Management (IAM) systems to enhance overall security. The IAM Opens a new window market crossed $10 billion in 2018 and is estimated to grow at over 10% CAGR till 2025.

Essentially, IAM systems enable businesses to safeguard their information assets against increasing risk of ransomware, phishing, and criminal hacking. Unauthorized access has emerged as the biggest contributor in data breaches, according to ForgeRock’s latest Consumer Identity Breach Report.

IAM systems allow organizations to define and manage user roles and accordingly provide access. A robust and well-planned IAM system provides consistent user access rules and policies across the organization. The organization can also change a user’s role and track their activities, thereby allowing them greater control over their digital assets.

The IAM system’s role is not just limited to ensuring that only the right people can access corporate information. It also helps in meeting compliance requirements. For instance, HIPAA holds organizations accountable for controlling access to customer and employee information. On the other hand, the General Data Protection Regulation (GDPR) in Europe demands strong user access controls.

Every organization’s IAM requirement is unique, so it is crucial to thoroughly evaluate the solution to ensure that your needs are aligned with the solutions’ features and capabilities.

There are several kinds of IAM tools, including password-management tools, security-policy enforcement, reporting and monitoring apps, and identity repositories, among several others. They are available for on-board systems as well as cloud-based systems.

Learn More: Why Your IT Department Needs to Part Ways With Passwords

Here are top 10 crucial questions that should be on top of your mind when evaluating IAM solutions:

1. Is it scalable?

The IAM solution should be able to meet your present and future day needs. A scalable solution that will continue to receive future patches, updates, and new releases will help you address the needs of a growing workforce, new challenges and keep pace with changing regulatory requirements.

2. How much will an IAM system cost?

Cost is always a crucial consideration, but even more so for the IAM system because sometimes they come with a complex pricing structure. Typically, there are three components involved in the cost of the IAM system, the cost of the software, the expense involved in the implementation, and the maintenance cost. While it is not unusual for a vendor to offer several pricing models, the most widely used is the per-user license fee.

3. How will it impact the user experience?

Ensuring the security of your data assets cannot be at the cost of user experience. Complicated password policies or inadequate authentication rules can adversely impact the very purpose of setting up the IAM system. The idea should be to build a seamless experience without compromising the protection of the system.

4. Does it support multi-factor authentication?

IAM systems use multi-factor authentication, ranging from fingerprints to mobile-push notification to facial recognition, to enhance security, especially for critical transactions and use cases. A flexible approach that can be modified for different users or groups helps in further improving security.

Learn More: How Biometrics Is Becoming the Security of the Future

5. What is your risk strategy?

What happens in case of a security incident? Security measures should be in place to ensure effective risk management and mitigation. The vendor should be able to respond to questions about their strategy in the event of a security incident.

6. How does your IAM solution enable web-based Single Sign-On?

Single Sign-On (SSO) is growing in popularity now because it does away with the need to remember several usernames and password combinations. Enterprises use a combination of cloud and on-premises applications, and the SSO system should seamlessly support all the applications.

7. The solution’s ability to support access from mobile devices?

Whether it is Bring Your Own Device (BYOD) or remote working, the IAM solution needs to support several operating systems, including iOS and Android, among others.

8. On-premise vs. cloud-based solution?

Both options, on-premise and cloud-based solutions, come with their pros and cons. The on-premise solution offers greater control compared with cloud-based solutions, making it a preferred choice for large enterprises. On the other hand, a cloud-based solution is easier to implement and scale as the workforce grows. It also offers better cost economics when compared with an on-premise solution.

The third option is the hybrid option, which uses a combination of on-premises and cloud-based. In this, while the more sensitive and critical data is hosted on-premise and the less sensitive information is placed in a cloud-based solution.

Learn More: Don’t Just Grant Access. Positively Identify Your Users

9. Does the IAM solution support passwordless authentication?

Most of us tend to use the same passwords for many business and personal accounts, reducing their effectiveness. Several IAM solutions now come with a multi-layered approach which does away with the need for a password.

Biometric checks combined with other factors, including device, location, IP address, or behavior indicator, can provide better security than traditional username-password or two-factor authentication. More importantly, the user no longer has to remember the username and password.

10. What is your track record of implementing IAM projects?

Before selecting the solution, talk to a few clients to verify the vendor’s credential and find out more about the solution provider’s process and approach towards deployment. If the vendor has implemented several IAM projects, it indicates that it is a well-established solution provider. On the other hand, if the company has completed only a handful of deployments, you may want to conduct a stringent evaluation of the solution before handing the project to them.

Wrapping up

The deployment of IAM systems is driven by several factors, including a more mobile workforce, the growing use of more cloud-based apps, and the need to support users’ identities and devices. Opting for the right vendor will ensure that your workforce is able to access corporate data without putting the assets in danger or exposing the data to bad actors.

Speaking to Toolbox, ForgeRock’s Ben Goodman, CISSP & SVP, Global Business and Corporate Development, said, “Getting identity right means making it easy for your consumers and workforce to connect to you digitally – which translates into making it easy to login, reset passwords, receive personalized digital content and maintain security and privacy.”

Organizations are moving away from two-factor authentication approaches, long regarded as the industry standard for access. In the wake of the ongoing crisis, IAM has emerged as a top priority due to its direct business impact. Done well, IAM can be a force multiplier for positive business outcomes; done poorly, it can be an innovation inhibitor, Goodman added, in closing.

Do you agree that growing security threats combined with COVID-19 will drive the adoption of IAM solutions? Comment below or let us know on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to hear from you!