The Modern World of Identity and Access Management

By Melinda Hanford, Systems Analyst Supervisor, Children's Hospital of Philadelphia

1. In the light of your experience, what are the trends and challenges you’ve witnessed happening with respect to the Identity and Access Management space?

Some of the trends in the Identity and Access Management space are very comparable to other IT spaces, such as increased cloud adoption, a focus on improved user experience, and a wide range of device types (phones, computers, medical devices, etc.) to support and secure. For instance, there has been a big shift with identity management tools moving to the cloud, resulting in changes to the support model. These changes produce more frequent upgrades and enhancements, and client interaction with these tools has become more user-friendly. Another example is the rapid growth and development in the authentication space over the past few years. Many new methods are now being implemented and used more widely, such as risk-based and multi-factor authentication, and push notifications. These methods are aimed at supporting and securing the approaches and tools used to connect to an enterprise’s data.

One of the biggest challenges in the identity space right now is ensuring that organizations have the right identity management and access controls in place, while simultaneously ensuring the right security and protection levels. It can be difficult to balance having proper security controls (such as multi-factor authentication and real-time access certifications) while designing easy-to-use identity management processes for the user base.

2. Could you talk about your approach to identifying the right partnership providers from the lot?

I find that the most important step in identifying the right partnership provider is understanding and prioritizing your organization’s key use cases as they relate to the identity management space. Defining the use cases that are most important to your organization will help identify the most appropriate providers that can meet your organization’s needs. The identity management space is large, so consider breaking it down into major categories. Here’s an example:

1. Access Management (single sign-on, federation, multi-factor, password reset)

2. Identity Governance (identity repository, identity lifecycle, certifications/attestation)

3. Privileged Access Management

In each category, identify and document the use cases that your organization wants, or is required, to have in place. For example, what applications are critical to protect using multi-factor? Or for instance, if your environment leverages many SaaS mobile applications, it may be key to use a variety of authentication standards (such as SAML 2.0, OAuth, and OpenID Connect). Always be sure to take into consideration which Information Security or other organizational policies you need to adhere to as well.

3. Could you elaborate on some interesting and impactful projects/initiatives that you’re currently overseeing?

We have several significant initiatives taking place, with the replacement of our Enterprise Resource Planning (ERP) system being at the top. This project is vital, as it gives us the opportunity to re-assess and shape our identity governance processes in a meaningful way.

4. What are some of the points of discussion that go on in your leadership panel? What are the strategic points that you go by to steer the company forward?

One of the points of discussion that our leadership panel is very involved in is our three to five-year strategy and information security. Protecting our data is always a top priority, which should be the case in any organization. We meet regularly with other institutions, implementation partners, and advisory companies to recognize how the Identity and Access Management space is changing, discuss projects and initiatives we should consider, and share ideas with one another. Understanding the Identity Management space as well as the efficiencies that can be established for the user base helps drive the company forward.

5. Can you draw an analogy between your personality traits, hobbies and how they reflect on your leadership strategy?

I am a person who likes to have a lot going on but stay organized at the same time. I am the parent of two small children, an avid runner, and very involved in my local community. One way I do all of this successfully is to break down all of my tasks into manageable parts to help me and my family keep things moving and running smoothly – whether it be helping my child with a school project or training for a race. At work, it is very similar, as my team has a lot of different work efforts occurring at the same time. In order to stay organized, we use the agile methodology, which anticipates the need for flexibility and breaks up projects into several stages. My focus constantly shifts to whatever area needs help to move it forward – whether it be a small project or something as large as defining a new strategy.

6. How do you see the evolution of the Identity and Access Management arena a few years from now with regard to some of its potential disruptions and transformations?

Over the next few years, there will continue to be a focus on balancing the importance of protecting against cyber-threats while ensuring that authentication and authorization are easy to use for the user base. Risk-based authentication will continue to expand and use a more complex variety of factors to identify a user. There will also continue to be a shift to cloud-based applications and tools, including those that are used to support identity management. As a result of the shift to the cloud, it will be interesting to see how the zero-based trust framework/architecture will be adopted by organizations as it relates to identity management. This framework uses a variety of methods to verify a user or device as a way to overcome security challenges with organizations moving away from the once-typical perimeter-based security model.

7. What would be the single piece of advice that you could impart to a fellow or aspiring professional in your field, looking to embark on a similar venture or professional journey along the lines of your service and area of expertise?

When pursuing a career in the Identity and Access Management world, or in any technology field, it is very important to network. Identity Management is a big space and it impacts all of your internal and external clients. You will work closely with many different teams including Human Resources and other Information Technology (IT) teams such as Infrastructure, Architecture, Help Desk, and Application Teams. Set up a time to get to know these groups and shadow them. It is extremely helpful to understand their perspectives and needs to continue to learn all of the processes that work together to drive your organization forward.
