Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, December 15, 2008

Identity Analytics: Providing Strategic Decision Support for Identity Management

I believe that “Enterprise Identity Management” is quickly maturing and, in some way, commoditizing, at least from a product and solution perspective. In this context, thinking about Identity Management (IdM) purely from a technical perspective is showing its limitations.

Decisions on IdM aspects are increasingly made at the strategic level, as outsourcing, cost saving, and balancing security with enterprise agility and usability are becoming the main drivers. Strategic discussions on IdM include understanding the implications of newly emerging scenarios and risks, such as the adoption of Web 2.0 technologies within enterprises, new identity attacks (phishing, whaling, etc.), increased numbers of M&A and workforce reorganizations, IdM outsourcing and the adoption of IdM as a Service.

Key decision makers in this space, i.e. CIOs/CISOs, are driven by business needs and risk management. Some of the questions we have been exposed to include:
  • What is the trade-off between reducing risk by tightening access to critical applications and the loss in productivity as access rights become more limited and the time taken to gain them increases?
  • Is it better to spend a limited budget on user education or implementing a given technical control, such as automating user provisioning/deprovisioning or providing two-factor authentication?
  • Should users and business units be allowed to run their own IT solutions or is it better to have centrally managed services?
  • What is the impact of emerging collaboration technologies such as blogging, wikis and Second Life?
  • Do changes to working patterns such as greater mobility lead to additional risks?

In a few recent blog posts of mine (here and here) I discussed our view and approach towards strategic decision support for Identity Management, based on Identity Analytics.

Your input is always welcome, in particular in terms of providing additional case studies and IdM areas we could apply our approach to.
