Mature identity and access management (IAM) is a pillar of enterprise security. But what makes IAM “good” for your business may depend on the kind of business you are in, and the demands of your industry, writes Rachael Stockton of LogMeIn and LastPass.*
Identity and access management (IAM) revolves around simply and securely connecting employees to the work required for their role – whether employees are working in the office or remote. IAM is critical for businesses to operate both efficiently and securely, however a business’ needs around IAM ultimately depends on the business itself. Is the business struggling to securely manage user access across a diverse workforce, or are they focused on addressing shadow IT? Is the business focused on implementing a solution that’s easy to use, or seeking more granular control over their end users? It may be one, all, or a combination of the above, but what’s universally true is that business requirements shape IAM requirements.
And, business requirements are heavily impacted by the industry the company is in. IAM needs vary by industry because of how different the business model, needs and priorities are. Consider a financial services and media organization – both have the common objective of simply and securely connecting an employee to the work required for their role, but almost everything about their business models are different. Therefore, their priorities from an IAM perspective are too.
We know that industry generally shapes IAM requirements, but the real question is how. LastPass commissioned research on trends in the IAM market to gain insights on how those trends vary by vertical. The research explores how financial services, IT, and media are managing IAM programs today, what their challenges are and the priorities moving forward.
Financial Services: Focus on Reducing Risk
Financial service organizations are in the business of managing money and cybercriminals are ultimately after monetary information in one form another, which inevitably creates a higher risk for managing financial related data.
That’s why reducing risk is the top IAM priority for financial service organizations. 75% of financial services organizations ranked reducing risk as their top priority, versus the 66% overall average. Due to the high sensitivity of the data and the associated compliance mandates in finance such as the Bank Secrecy Act (BSA) or the Fair and Accurate Credit Transactions Act (FACTA), it’s not surprising that reducing risk is a higher IAM priority for finance than most.
Financial services organizations are also focused on integrations. 58% of financial service organizations said they need an integrated system to manage, monitor and set policies to improve their security program, as opposed to the overall average of 44%. An integrated IAM platform would help financial services gain unified visibility across their employees to have better insight into which employee access to better mitigate risk against cybercriminals.
Information Technology prioritizes Multi-Factor Authentication
Information technology (IT) are businesses who operate in the hardware or software markets. As businesses who are close to technology and managing customer’s data, their close relationship with technology must play a role in their IAM strategy.
48% of IT organizations surveyed said that IAM should be a higher priority for their organization than it currently is, versus the overall average of 44%. However, 47% of IT organizations said IAM could help improve employee efficiency versus the overall average of 53%. Over the next year, it seems as though IT will be focused on the security benefits of their IAM program.
To help address their security challenges, 28% of IT organizations are planning to invest in a multi-factor authentication (MFA) solution over the coming year. MFA will definitely help IT organizations address their security challenges, as MFA adds an additional layer of security to every login attempt.
Media is focused on managing User Access
Another vertical we evaluated was media, and the takeaway is that media wants to manage employee access. When we refer to media, we are referring to the industry of mass communication spanning digital, social, print, television and more. One piece to note about the media vertical is that media tends to work with many external consultants to get their work done – which means a lot of sharing and a lot of teams accessing the same resources.
Overall, the media industry feels many security improvements are needed, likely because they work with all of these consultants: 52% said quite a lot of improvements are needed compared to the overall average of 40% – a 12% difference.
Managing user access ranked high as a priority for media, much higher than other verticals – 34% of media organizations said managing user access is important to my organization where the overall average across verticals was 9%. This does make sense, if media was unable to manage user access, external consultants would not be able to access their work and not only decrease overall productivity – but lose productivity.
A One-Size-Fits-All approach to IAM doesn’t work
While each vertical challenges and priority are unique, one thing is clear: a one-size-fits-all approach to IAM doesn’t work when every vertical is unique. Organizations, regardless of vertical, need to evaluate their business requirements and build their IAM strategy in alignment with those requirements.
93% of IT professionals surveyed across all verticals agreed that bringing the various aspects of IAM into a unified solution would be greatly beneficial to their organizations. A unified IAM solution will enable verticals of all kinds with the flexibility, breadth of functionality and ease of use needed to achieve their specific IAM objectives – and help ensure businesses are always secure regardless of where employees are working from.
(*) Disclosure: This contributed article is sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.