Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Complexity is Your New Best Friend

Boston Dynamics Spor Robot

Boston Dynamics Spor Robot

Robot dogs? Really? Just recently, Boston Dynamics released a video demonstrating their latest quadruped robot, lovingly named Spot. The video demonstrates remarkable technology for navigation and agility, including a couple of attempts to kick the thing over, engendering internet sympathy from the likes of PETA and others.

This begs the question, who needs a robot dog? The real things seem to be pretty popular. Why do we as humans have a penchant for making things overly complicated just for the sake of automation?

While Boston Dynamics didn’t explain the purpose of their robot dog, the popular guess is that it could be used for search and rescue, like an unstoppable St. Bernard. Let’s hope it comes with a barrel of ale, rather than leading to the mounting of more lethal barrels.

What do robot dogs have to do with Identity and Access Management (IAM)?

The reason robot dogs seem overly complex is because the value they provide is unclear. There is a perception that automating IAM processes can be unnecessarily complex as well, particularly related to four issues:

– Integrating with applications across the environment

– Access request and approval processes

– Dealing with access to cloud and mobile applications

– Certifying access for auditors

Integrating with applications across the environment

Many IT organizations today minimize the integration effort by focusing on Active Directory to provide “birthright” access privileges for applications such as email and intranet. This requires manual fulfillment of access requests for business apps – you know, the ones that actually support revenue and efficient operations.

While less complex for IT organizations, the burden is shifted to users as they wait for access to be granted. Inconsistent policies and missed revocation of access also exposes organizations to risk.

Access request and approval processes

Since access fulfillment is manual, often the request and approval process is inconsistent, overly bureaucratic and opaque to business users. It’s no wonder that business leaders with budgets prefer cloud applications that deliver more immediate results.

Dealing with access to cloud and mobile applications

Of course, that leads to an even bigger challenge – how to ensure consistent security policy is applied to those cloud services the business is buying? Business users are unlikely to accept manual request, approval and fulfillment of access to cloud apps. And there is an even lower threshold of patience with mobile apps, given the consumer experience expectation on those devices.

Certifying access for auditors

With a motley approach to application delivery and IAM, access certification becomes enormously complex. Simply discovering entitlements across disconnected systems is difficult enough, but try matching those entitlements to the managers that need to approve them. Yet, it’s the business users once again who are exposed to that complexity with massive spreadsheets of users and apps to approve.

It’s time to shift the complexity

The shift towards more manual IAM has come at a price for business users. What is less complex for IT is now more complex for the business. But as the business flees to cloud services in response, they are unwittingly exposing themselves to risk that IT is uniquely capable of mitigating.

It’s time for targeted complexity that balances the convenience that users demand with the security that organizations need. Complexity with a purpose, such as integrating IAM with mission-critical applications, providing user-friendly request and approval processes with automated fulfillment, applying single-sign on cloud and mobile apps, and providing risk-scoring for more focused access certifications.

It’s a bit like teaching a new dog old tricks.

Written By

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Funding/M&A

Identity and access governance vendor Saviynt has closed a $205 million financing round.