Confronting Challenges in Identity and Access Management
In order to protect consumer and institutional assets, the financial services industry is heavily regulated across state, federal and international agencies. Significant requirements exist when it comes to protection of financial data.
Therefore, while identity & access management is of critical importance across all industries, this is particularly true in the financial services arena. Identity & Access Management (IAM) involves ensuring that the right individuals have access to the right data.
A robust identity and access management system controls individual access to specific data according to role and conflict avoidance requirements. Moreover, the best systems ensure that information access can be audited, monitored, logged, and reported as necessary. Just in time provisioning also plays a vital role, to ensure people gain – or lose – access as quickly as possible. The former ensures better corporate efficiency, while the latter minimizes security risks.
Yet, even the best IAM systems fail to remedy all challenges faced by BFSI entities in today’s rapidly evolving technology environment. The following are some of the trickiest challenges pertaining to identity management, and how the most forward thinking entities are tackling them.
Work from Anywhere
In the past, employees who wanted to access corporate data worked from one location: on-premise. As a result, security systems followed a so called perimeter strategy, which focused exclusively on testing and perfecting security systems inside the physical plant. Employees typically did their work from an assigned space within a specific location.
Today, users work from various locations: home, a board room, an airport, a hotel. And regardless of their locations, employees need and expect access to protected data to do their job. While the specifics of IAM might not change that much by location independence, greater risk of corporate identity theft exists outside the traditional work environment. The likelihood of unauthorized access increases as people log in from across the street or around the globe.
In order to mitigate this threat, IAM now requires use analytics and review to identify and prevent unusual use patterns. Repeated failed logins, random device access and repeated attempts at non-provisioned information after login are all suggestions that an access identity may be compromised. By using strong analytics and detection systems, atypical logins are identified sooner, allowing for a speedier resolution.
Bring Your Own Device
Related, but not identical to the work from anywhere trend is the bring your own advice initiative. The greatest challenge is often associated with mobile devices… cell phones and tablets in particular… are the different security protocols created by different manufacturers. Ensuring a uniliateral security protocol across all devices takes time, planning and testing, which can often stress an already busy IT department.
However, BYOD is here to stay. Employees often want 24 x 7 by anywhere access to enterprise applications, such as email, which may contain protected information. As a result, even inadvertent loss of mobile devices presents a great risk of confidential information falling into the wrong hands. Notification delays that frequently accompany lost devices further exacerbate such a risk.
Strict IAM doesn’t adequately protect against mobile threats. Another layer of access control needs to accompany traditional sign on methods. Yet, the more arduous the protocol, the less satisfied the user. Dissatisfaction often results in lack of compliance, including the saving or forwarding of passwords in unsecured applications, such as notepad or personal email.
A common solution to this issue is so called “smart authentication” which recognizes login location through network identification. A rules and exception based protocol allows for the simplification of login rules depending on the location of the access request. When a user is in an approved location, login protocols can be simplified. However, when users are in unlisted locations, additional security measures are applied.
The best identity and access management systems stay ahead of challenges presented by our rapidly evolving economy. They enable not only rapid provisioning and decommissioning, but also provide a layer of defense against common risks in the banking, financial services and insurance industries. By investing in robust IAM, BFSI enterprises can ensure they remain in compliance with regulatory requirements, protect consumer information and thwart cyber-theft. It is those organizations that will gain or retain a competitive advantage in the coming years.
Want to learn more about developing and implementing robust IAM solutions? Contact us today.