Securing Access in an Always-Connected World

How many devices do you have within your reach right now? How many emails did you answer on your cell phone, work or personal, after you got home last night? Did you watch the debate this week? How? For the first time there were live streaming versions of the debate on television, Facebook, Twitter, and on the websites of too many media outlets to count.

Our lives have become insanely interconnected with our jobs, our friends, our politics, even the decisions we make on a daily basis are all a result of our connection to technology. I'm not saying that being constantly connected is a bad thing. It's actually kind of amazing. We can instantly communicate with customers from around the world. We can send files across continents within seconds. We can send each other pictures with funny filters like dog ears or rainbows. Ok, I guess they aren’t all the same kind of amazing, but you get the idea. Openness supports productivity and creates opportunity, but it also creates security and compliance risk.

Think about the number of users and applications that you have in your organization. That number seems to grow every day as do their permission and access requests. Do you have multiple devices for these users? Then that number just doubled again. What about a ‘bring your own device’ policy? Do you have one? If not, then you are allowing access to your network on a host of unsecure devices. If you do, then do you have differentiated networks for employees, guests, contractors, and so on? Organizations have to find a way to balance the risk of exposing their data with the need to grant access to their employees, partners, and customers. At the same time, you must put governance controls in place to make sure that data is only accessible to the right people, at the right time, on the right device.

The key to this balance is not trying to lock down everything in sight, but being able to assess the greatest areas for risk to the business and allocate your resources wisely. Until now, the biggest challenge has been figuring out which assets pose the biggest risk, where they live, who has access to them and what users are doing with these assets. However, if you really want to protect your organization, you need to know that information right now, in real time and not through periodic reviews once or twice each year. It's simple; if your users are on your network 24/7 then you need to be able to see what they are doing 24/7. The best way to protect and monitor the massive amount of information that you have is through an Identity and Access Management system. It's not only complex, it is critical if you are in one of the many industries regulated by corporate or government policies and regulations. These systems grow more complex every day due to the sheer amount of data that we are adding into our networks and can require substantial investments in both administrative and financial resources.

However, no investment can compare the security of your data, the full compliance of your company and the reputation of your brand. In our evolving "always-on" culture, we have to be prepared to do more than pass a yearly audit. Too many organizations make the mistake of primarily focusing on passing their audit and being seen as compliant within regulations rather than using their IAM system as a business enabler. An IAM solution is a way to protect your entire organization from potential risks to business and, unlike your employees, it is able to work 24/7 for you. Is your IAM solution working for you? Are you using it as a business enabler and assessing your risk in real-time, or are you simply using it as a tool to get through your annual review? Assessing access risk in anytime is crucial in our culture and is the key to a fully compliant organization.