Posted by Stuart Hodkinson - UK General Manager on Fri, Mar 13, 2009
Identity and Access Management (IAM) is more critical than ever to organisations of all sizes. Even some of the largest companies in the FTSE 100 still use manual processes for tracking who has access to what. Such systems are often paper-based, or involve multiple standalone IT systems. Either way, it can be a time-consuming process to enable access, and an even harder one to take it away again. A poorly implemented manual process will buckle if you have to do it for 1,000 people in quick succession.
The current spate of job losses, mergers, acquisitions and data breaches have prompted several companies to take action to automate and modernise their access management processes and IT.
So significant is the issue, research group
RNCOS released last month is forecasting that the IAM market will grow at a compound annual growth rate (CAGR) of nearly 23 percent between 2009 and 2012. Europe and Asia-Pac will account for nearly 62 percent of the market by 2012 according to the research, largely because of spending on IAM in the major financial services centres.
As
Gartner rightly points out in recent
coverage on vnunet.com, the knock-on effect is that many rush in and choose a solution based on reputation rather than proven capability. No IT solution should be chosen on that basis alone, especially a security solution.
A sound upgrade of any IAM system and process is achieved through the considered and planned deployment of technology and services, with clear objectives for efficiency improvements and longer-term cost saving in mind. For this reason, investment in any IAM solution - especially if it is to replace an existing solution or group of disparate systems - must not be a snap decision.
Of course, IAM is more than just a technology play, even the best technology deployment needs to be supported by clearly-defined policies and staff education to ensure that best practices are adhered to at all times.
Posted by Stuart Hodkinson - UK General Manager on Mon, Mar 09, 2009
An interesting report has just been published by analyst firm
Ovum, looking into the current state of data governance in light of the economic situation in the UK and globally.
The report, Data governance in a downturn, suggests that in the current climate, pressure to achieve short term and instant cost savings to meet lower capital expenditure targets is leading to companies reducing their headcount and focus around data governance. This in turn is disrupting business operations and leading to information assets being lost, stolen and under-exploited due to a lack of oversight.
Acknowledging that expenditure on data governance is often under pressure as it is viewed, inaccurately, as a cost rather than a revenue generator and investment, The report's authors point to several points of concern. These include headcount reductions that compromise a company's ability to maintain data governance, ill-considered technology cutbacks and damage to brand value because of deteriorating partner and customer relationships brought about by poor data governance.
The report and analyst comments have already achieved some notable media interest, with IT PRO in the UK and iTWire in Australia running substantial pieces about it.
As the report identified, companies that cut spending on data governance are all too often gambling with the very data they need to protect.
Failure to safeguard confidential internal and customer data can expose a company to a multitude of regulatory and legal challenges, particularly if any subsequent investigation finds that reasonable steps were not taken to safeguard such data because spending on and attention to data governance has been reduced.
This is not to say that you cannot reduce your expenditure on data governance, of course you can and many organisations have successfully done so without compromising either day-to-day governance or longer-term data compliance. This is best achieved through the considered and planned deployment of technology and services with clear objectives for efficiency and longer-term cost saving in mind. For this reason, investment in data governance cannot be reduced for short-term budget reasons alone.
Reducing capital expenditure on a whim, on both the staff and technology that manages data governance, reduces the corporate capability to not only manage data, but also to manage users and their ability to access sensitive and valuable information.
Fewer data governance resources to manage access controls will inevitably lead to a significant lag between an employee leaving a company and their email, SharePoint and other key user accounts being terminated. Restructuring a company's headcount increases the risk of disgruntled ex-employees or opportunistic ‘dustbin raiders' exploiting ‘Zombie Account' login credentials for criminal gain or the desire to create disruption. Data is at risk of being tampered with, lost or stolen, while a company's brand can be irreparably damaged by a data loss or theft.
According to the Ponemon Institute, the average total cost of a data breach ranged from £84,000 to almost £3.8 million, with an average of £47 per record compromised, illustrating that a poorly planned and executed cut in data governance resources can in fact cost far more than it saves. The cost of a data breach for financial services companies is usually 17 percent higher than other business types, at £55 per record compromised.
If you think the cost of data governance is expensive, look at the overall cost to a business of a data breach.