IAM

The big challenges for CIOs about identity management

24th January 2018

Grave issues that may occur, such as downtime in a technological service, are usually tackled first. These issues go hand-in-hand with a loss of trust by the company in IT services. It therefore becomes a main concern for CIOs: trust in the services provided.

The most common problem faced by IT personnel is, in particular, the management of password-based identities and user access privileges.

Companies are currently using multiple systems. These systems have a myriad of users and identities that translate into multiple passwords and various privileges. Moreover, they are managed by various processes involving additions, deletions and changes, and they also need to be operational 24/7.

According to the Halock consulting firm, each person has an average of 25 accounts across different systems, which keeps growing with each new service and app that appears on the market. This phenomenon is dubbed identity sprawl by experts, and when added to the various internal identities in a company, the outlook is confusing at best. Furthermore, this identity sprawl is simplified by the fact that people have many identities but only a few passwords to manage them. It seems like a great opportunity for hackers to attack organizations on this front.

Low levels in productivity and quality of labor in organizations

If management is not focused on addressing the complexity of the various systems and different internal flows of information for the management of user data, variability is introduced into company processes.

This variability makes processes lose their meaning and lead to diminishing quality and productivity. This is compounded by the fact that users want immediate service, and even more so in regard to user addition, deletion and modification. According to Gartner, resetting of accounts encompasses 30% of Help Desk calls.

The challenge of management Shadow IT

This term refers to devices, software and services that are not controlled by the IT department and are therefore not expressly approved by the organization. Basically, we are referring to the situation where a person in the organization decides to use a cloud service without the company’s approval. It is very common for task or project management applications, or organizer applications.

The problem lies in the fact that the company may be exposed to undesired risk, such as the use of data by those applications without the proper protection. This practice is two-pronged; on one hand, it is a threat to security, and on the other, it is an opportunity for people to work with the applications that work best for them.

However, in our case study, Shadow IT poses a threat due to being unconnected to the core directory. This generates more identities without a central management, chaotic processes and security breaches.

Another risk that may result from Shadow IT is dependency on a provider.

Major service companies such as Microsoft, Google and Amazon design their infrastructure as large conversion funnels that have the end goal of creating a dependency as providers. Once they have the person’s identity as well as that of the company, they may block service so that you eventually need to pay for them.

It is a widespread practice as a customer engagement method. Once they have your identity and you use their services, little by little you will exclude other alternatives and the company will commit to paying for the services.

CIOs need to constantly adapt to changes. This is the moment to take an innovate strategy and concentrate efforts on optimizing resources. There will always be challenges, the important thing is to be aware of the needs and risks to respond to it.