Robot dogs? Really? Just recently, Boston Dynamics released a video demonstrating their latest quadruped robot, lovingly named Spot. The video demonstrates remarkable technology for navigation and agility, including a couple of attempts to kick the thing over, engendering internet sympathy from the likes of PETA and others.
This begs the question, who needs a robot dog? The real things seem to be pretty popular. Why do we as humans have a penchant for making things overly complicated just for the sake of automation?
While Boston Dynamics didn’t explain the purpose of their robot dog, the popular guess is that it could be used for search and rescue, like an unstoppable St. Bernard. Let’s hope it comes with a barrel of ale, rather than leading to the mounting of more lethal barrels.
What do robot dogs have to do with Identity and Access Management (IAM)?
The reason robot dogs seem overly complex is because the value they provide is unclear. There is a perception that automating IAM processes can be unnecessarily complex as well, particularly related to four issues:
– Integrating with applications across the environment
– Access request and approval processes
– Dealing with access to cloud and mobile applications
– Certifying access for auditors
Integrating with applications across the environment
Many IT organizations today minimize the integration effort by focusing on Active Directory to provide “birthright” access privileges for applications such as email and intranet. This requires manual fulfillment of access requests for business apps – you know, the ones that actually support revenue and efficient operations.
While less complex for IT organizations, the burden is shifted to users as they wait for access to be granted. Inconsistent policies and missed revocation of access also exposes organizations to risk.
Access request and approval processes
Since access fulfillment is manual, often the request and approval process is inconsistent, overly bureaucratic and opaque to business users. It’s no wonder that business leaders with budgets prefer cloud applications that deliver more immediate results.
Dealing with access to cloud and mobile applications
Of course, that leads to an even bigger challenge – how to ensure consistent security policy is applied to those cloud services the business is buying? Business users are unlikely to accept manual request, approval and fulfillment of access to cloud apps. And there is an even lower threshold of patience with mobile apps, given the consumer experience expectation on those devices.
Certifying access for auditors
With a motley approach to application delivery and IAM, access certification becomes enormously complex. Simply discovering entitlements across disconnected systems is difficult enough, but try matching those entitlements to the managers that need to approve them. Yet, it’s the business users once again who are exposed to that complexity with massive spreadsheets of users and apps to approve.
It’s time to shift the complexity
The shift towards more manual IAM has come at a price for business users. What is less complex for IT is now more complex for the business. But as the business flees to cloud services in response, they are unwittingly exposing themselves to risk that IT is uniquely capable of mitigating.
It’s time for targeted complexity that balances the convenience that users demand with the security that organizations need. Complexity with a purpose, such as integrating IAM with mission-critical applications, providing user-friendly request and approval processes with automated fulfillment, applying single-sign on cloud and mobile apps, and providing risk-scoring for more focused access certifications.
It’s a bit like teaching a new dog old tricks.