SecurityWeek

Identity & Access

Complexity is Your New Best Friend

Boston Dynamics Spot Robot

Robot dogs? Really? Just recently, Boston Dynamics released a video demonstrating their latest quadruped robot, lovingly named Spot. The video demonstrates remarkable technology for navigation and agility, including a couple of attempts to kick the thing over, engendering internet sympathy from the likes of PETA and others.

This raises the question: who needs a robot dog? The real things seem to be pretty popular. Why do we as humans have a penchant for making things overly complicated just for the sake of automation?

While Boston Dynamics didn’t explain the purpose of their robot dog, the popular guess is that it could be used for search and rescue, like an unstoppable St. Bernard. Let’s hope it comes with a barrel of ale, rather than leading to the mounting of more lethal barrels.

What do robot dogs have to do with Identity and Access Management (IAM)?

Robot dogs seem overly complex because the value they provide is unclear. There is a perception that automating IAM processes can be unnecessarily complex as well, particularly in relation to four issues:

– Integrating with applications across the environment

– Access request and approval processes

– Dealing with access to cloud and mobile applications

– Certifying access for auditors

Integrating with applications across the environment

Many IT organizations today minimize the integration effort by focusing on Active Directory to provide “birthright” access privileges for applications such as email and intranet. This requires manual fulfillment of access requests for business apps – you know, the ones that actually support revenue and efficient operations.

While this is less complex for IT organizations, the burden is shifted to users as they wait for access to be granted. Inconsistent policies and missed revocation of access also expose organizations to risk.

Access request and approval processes

Since access fulfillment is manual, often the request and approval process is inconsistent, overly bureaucratic and opaque to business users. It’s no wonder that business leaders with budgets prefer cloud applications that deliver more immediate results.

Dealing with access to cloud and mobile applications

Of course, that leads to an even bigger challenge – how to ensure consistent security policy is applied to those cloud services the business is buying? Business users are unlikely to accept manual request, approval and fulfillment of access to cloud apps. And there is an even lower threshold of patience with mobile apps, given the consumer experience expectation on those devices.

Certifying access for auditors

With a motley approach to application delivery and IAM, access certification becomes enormously complex. Simply discovering entitlements across disconnected systems is difficult enough, but try matching those entitlements to the managers that need to approve them. Yet, it’s the business users once again who are exposed to that complexity with massive spreadsheets of users and apps to approve.

It’s time to shift the complexity

The shift towards more manual IAM has come at a price for business users. What is less complex for IT is now more complex for the business. But as the business flees to cloud services in response, they are unwittingly exposing themselves to risk that IT is uniquely capable of mitigating.

It’s time for targeted complexity that balances the convenience that users demand with the security that organizations need. Complexity with a purpose, such as integrating IAM with mission-critical applications, providing user-friendly request and approval processes with automated fulfillment, applying single sign-on to cloud and mobile apps, and providing risk-scoring for more focused access certifications.

It’s a bit like teaching a new dog old tricks.
