APAC firms step up risk, access management

Challenging economic climate has led to more attention on identity access management and governance and risk management in Asia, says CA executive.

SINGAPORE--Adoption of identity access management (IAM), and governance, risk management and compliance (GRC) is on the rise in the Asia-Pacific region, according to a CA executive.

P.F. Vilquin, CA's security director for Asia-Pacific and Japan, told ZDNet Asia in an interview Friday that widespread layoffs and tighter scrutiny in the aftermath of the global financial crisis, have led to the insider threat becoming an even greater concern.

Businesses have slowed with the downturn, giving rise to employees having more free time, he noted. In addition, they may be disgruntled about being laid off.

This was evident in the case of a Fannie Mae IT administrator who planted a timed malware into the corporate network after he was terminated, Vilquin said. The situation came about as access privileges were not terminated promptly.

"Now…you're talking about massive layoffs and reorganization, so the company needs to be ready to disable those users as quickly as possible, and readjust the privileges of the people that are being reorganized--as quickly as possible and as accurately as possible," Vilquin pointed out.

As a result of the current economic environment, businesses are more cautious of what they are spending on, preferring to avoid large projects unless they are core to the business, he added. "They are looking more at fixing things at this point, and IAM is critical for that."

Within the region, most multinationals and financial institutions have implemented some form of IAM, said Vilquin, adding that some are also trying to improve their systems. Traction among small and midsize businesses is also growing, particularly in more mature markets such as Singapore, he noted.

GRC products are also pertinent during the current climate, said Vilquin, especially in the area of risk exposure and management. "In some cases, they are not going to be able to invest in getting the perfect security system, so they need to understand where the exposure is, and what is the level," he added.

Gaining a competitive edge
Businesses, particularly those in the China market, are increasingly tapping on GRC frameworks to boost their competitiveness, noted Vilquin.

For instance, a bank customer he spoke to during a business trip last week, wanted the ability to measure how the bank is performing as an organization, as well as understand the risks it is being exposed to. To achieve these objectives, the bank had planned to undertake a governance project, said Vilquin.

Elsewhere in the region, GRC is adopted more often as a means of understanding risks, or as a result of regulations.