IAM Stakeholders and Adoption Challenges

This is Part 5 of our ‘What is IAM’ blog series. Make sure to check out the rest of the series:

• Part 1: What is IAM
• Part 2: The Definition of IAM and Its Criticality to Good Security Hygiene
• Part 3: The Components of IAM
• Part 4: The Evolution of IAM

Written by Paul Mezzera, Ravi Erukulla, and Ramesh Gupta of the CSA IAM Working Group.

IAM Stakeholders

Though IAM is typically known as an IT or Information Security discipline, IAM touches pretty much every individual and resource associated with an organization, whether associated directly or indirectly. Business users—both employees and their managers—that need to access a company’s resources go through IAM processes to do this securely. So are third-party users such as contractors, partners, vendors, guests, and customers. Specialist departments such as Security, Compliance, and HR enforce and leverage IAM processes to meet their organization’s security, privacy, and compliance objectives. Auditors, both internal and external, leverage tools and information provided by IAM tools and processes to audit an organization’s adherence to various regulations. In addition, resource owners such as application owners, platform owners, device owners, etc., leverage IAM to secure their resources and ensure that only the right users have access to their resources at the right time.

Adoption Challenges

IAM has a lot of moving pieces involving a lot of stakeholders. It is typically considered complex and often seen as overhead by business users. Commitment towards IAM processes varies across departments within an organization. One of the main reasons for this is the evolution of IAM and its initial goals.

IAM was traditionally aimed at meeting regulatory requirements and ensuring security. User experience and business enablement were an afterthought. Implementing legacy IAM tools involved developing integrations with several other tools, costly customizations, and maintaining powerful infrastructure to support and run IAM tools. This resulted in costly and time-consuming implementation. Adding to that, the benefits gained are hard to quantify. This has, however, changed over time. In the current digital and cloud-first environment, Identity is seen as an enabler. Vendors are focusing more on simplicity and user experience in addition to security and compliance. IAM tools are now offered as services over the cloud, eliminating the maintenance overhead.

What Are We Solving as Part of the CSA IAM Working Group

The IAM Working Group at CSA aims to educate, promote best practices, and advance Identity standards by fostering a culture of collaboration between various organizations to achieve consistent and effective IAM practices in and for the cloud. The working group will author guidelines and best practices and promote standards that enhance the lives of technology professionals tasked with adopting and optimizing IAM systems for use with cloud services.

We welcome professionals of all kinds - vendors, service providers, practitioners, and others - that are involved with IAM or looking forward to gaining IAM expertise to participate in the CSA IAM Working Group. Learn more about the group and sign up here.