Identity lessons for the C-Suite

Identity management is classic background technology. It’s strategically important to the enterprise, but flies under the radar in many Australian organisations.

Helping senior executives understand the benefits of rigorous identity management can ensure it receives sufficient focus and a healthy share of the ICT budget.

A white paper released by Australia Post in 2016 suggested the economic value to the country of an accepted digital identity was an astonishing $11 billion a year.

Here are eight reasons why it’s worth investing time and money on Identity and Access Management (IAM).

Identity is vital to security – and security is vital to business

It’s well known that security breaches are bad for business. Just ask the Australian human resources site PageUp, which made the news in early 2018 following a hack which put the personal details of potentially tens of thousands of individuals at risk. High profile customers ended their relationships with the company as a result. PageUp also faced the prospect of lawsuits and the postponement of a stock market listing.

Poor data governance is also a risky game these days, following the tightening of Australia’s privacy laws in February 2018. Organisations now face stiff financial penalties if they fail to notify customers and the Office of the Information Commissioner within 30 days, should they suspect or experience a serious data breach.

Good security has become a differentiator and a source of competitive advantage for companies – and it can’t be achieved without sound IAM. Making sure the IAM team and the security team are working hand in hand, not pursuing different strategies and reporting to different entities, is vital.

The right multi-factor authentication (MFA) solution matters  

Want to improve security across the enterprise in a trice? Multi-factor authentication is the answer but there’s no right way to roll it out. Some methods such as one-time passwords delivered via SMS are easy to deploy and easy for hackers to compromise. Others, such as Personal Identity Verification cards, are significantly more secure but may be a nuisance for employees and overkill for your circumstances. It’s important to assess the risk profile of your organisation before deciding which way to jump.

IAM matters right across your network

When it comes to security, you’re only as good as your weakest link. Ensuring customer and partner identities are managed rigorously is just as important as making sure you have your own house in order.

IAM affects user experience – and your bottom line 

IAM isn’t just important for security reasons. In today’s digitally-driven world, customers are setting the bar for online transactions ever higher. Good IAM is the key to a log-in process which makes customers feel recognised and valued. It can enable you to remember their preferences and guide them towards the check-out without a hitch. Conversely, a clunky log-in process can result in customers abandoning a transaction or being reluctant to return.

Identity isn’t just about single sign-on

Investing in identity does more than provide employees with a single sign-on. It can help make them more productive by giving them access to the right tools, as and when they’re needed, rather than having to wait around for days to have their access approved. With the right technology in place, revoking their access once it’s no longer required can also be a simple affair.

One identity is something to strive for

Expecting every employee will have just one user name for the duration of their time with your organisation may be unrealistic – but it’s something to strive for. Permissions and access levels can change suddenly when individuals are promoted or demoted, switch jobs or move on. A one-identity policy can help protect the integrity of sensitive data by making it easier for administrators to keep track of access changes.

IAM makes organisations nimble and innovative

If yours is a large enterprise, it’s likely you buy or build new applications regularly. The smart players have implemented internal identity APIs – Application Programming Interfaces. This circumvents the need for them to keep reinventing the wheel by building a login system for every new solution. Instead, they’re able to make use of centralised identity micro-services that can track who’s logged in and what they need to access

Identity isn’t optional – it’s essential for compliance

One thing has become crystal clear about the business of data management in recent years. It’s the fact that it’s individuals, not companies, who ‘own’ data. Organisations need to be able to prove that they’ve obtained consent to collect it, use it and store it. Identity management is key to this process. It can provide the assurance that customers have a single secure account or file whose access is limited to authorised applications and personnel. In an era when tolerance for data breaches is rapidly diminishing, that’s not a ‘nice to have’ – it’s essential.