'Who goes there?' - firms miss identity issue

Giving it the big IAM...

Giving it the big IAM...

'It's not what you know but who you know', or so the saying goes, and many companies are failing to get their heads around the question of 'who they know' when it comes to the growing security concern of identity and access management (IAM).

Simply controlling data travel within a defined perimeter is now an unrealistic way to protect a network, according to security vendor RSA, which claims that new research proves businesses are failing to get the most out of the 'who goes there?' test.

According to the RSA research, 76 per cent of IT directors say identity and access management is a high priority for their organisation - but only eight per cent of those quizzed were able to define the concept.

Pickard conceded that security vendors in part are to blame for this gulf and more needs to be done to encourage a move to more long-term thinking.

Tim Pickard, area vice president at RSA, told silicon.com: "When you're in a network environment you can keep building bigger and stronger walls to protect yourself."

However, many businesses have now left behind working models which meant they could worry only about 'these four walls'. Pickard said very few businesses now conform to such rigid uniformity across the organisation.

"For many companies now it is more important to know who is on the network and what data they are accessing," he explained.

Pickard said many IT directors understand some of the drivers - such as improved security, regulatory compliance, end user enablement and satisfaction, and longer term productivity goals - in a "piecemeal" fashion but many are still missing the bigger picture.

Increased data security was cited by 83 per cent of respondents as a driver, while 74 per cent said compliance and regulatory compliance were important drivers.

Pickard was keen to point out that IAM isn't just about security. Rather than applying simple 'yes/no' permission to a network, companies would be able to allow access to partners, suppliers and contractors on a 'need to know basis' - streamlining processes across the organisation.