<img src="https://secure.leadforensics.com/133892.png" alt="" style="display:none;">

In an era of widespread digitization, companies are vulnerable to criminal activities that can jeopardize businesses of all sizes anywhere and at any time. Addressing this threat, Identity Access Management (IAM) can safeguard enterprises and strengthen their path to achieving growth and business goals, says security expert Andreas Rieber.

With over 20 years of expertise in IT and cybersecurity, Andreas Rieber is far from a newcomer. Starting his career at the National Security Agency (NSM) in Norway, he worked as the Chief Information Security Officer (CISO) at Nets Group for ten years and later assumed the role of Chief Security Officer (CSO) at MasterCard Payment Services. Currently, he holds the position of Executive Director, Cyber & Security, at KPMG in Norway. He has been a long-term customer with Security in Columbus (former ICY Security) during his former employments.

As an IT security officer, you must deal with global threats, but IT security expert Andreas Rieber at KPMG believes that the general security discussion is characterized by too much hype.

Focus on local, relevant threats

There is a constant outcry of "wolf! wolf!" and ongoing apprehensions about hacking. I want to see a perspective shift. IT security should seamlessly integrate into the entire business. This holistic approach not only safeguards the enterprise but also plays a key role in facilitating business operations, aligning with specific business areas, and realizing overall company goals. I advise IT security managers to focus on relevance to their own company rather than generic warnings, says Rieber.

Rather than exclusively contemplating the threat landscape on a global, overarching scale, Rieber advises companies to shift their focus to individual, local considerations, and to factors specifically relevant to their own business.

Insufficient understanding of the company's operations among some security professionals may lead to uncertainties in prioritizing time and resources, potentially overlooking the most pertinent challenges and security solutions, warns Rieber.

Four key security questions

He highlights some important questions IT security managers should answer:

  • What is unique to the industry and the market where the company operates?
  • What is the cost of downtime?
  • What is the most important IP (intellectual property)?
  • What information and data must not go astray?

Rieber advocates for the development of a thorough and customized security strategy and plan, grounded in the unique needs and characteristics of the company.

The security strategy should meticulously factor in external conditions impacting the company, such as competitors, geopolitical conflicts, technological innovation, and vulnerabilities in new technologies. Addressing the unique aspects of the business is crucial, involving considerations like partners, the value chain, culture, and regulatory frameworks, underscores Rieber, further emphasizing:

Additionally, assessments should be conducted to gauge the company's vulnerability to current threats, evaluate compliance with relevant laws and regulations, assess the security of the company's systems and technology, and analyze past security incidents, recommends Rieber.

The security expert emphasizes that the security strategy must not be put in a drawer but form the foundation for a security culture that permeates the business. The strategy should address how the business:

  • Protects itself
  • Detects threats and intrusions
  • Responds to events
  • Restores information, data, and systems

IAM is the foundation for IT security

The foundation for IT security is to control and manage identities and access, known as Identity Access Management (IAM). All companies must have control over the identity and access of users from the time they are created until they are no longer part of the business, i.e. throughout the entire life cycle, says Andreas Rieber.

Many people are familiar with logging in through the access management systems AD (Active Directory) and LDAP (Lightweight Directory Access Protocol). AD is Microsoft's directory service for managing users, user rights, and resource control, while it is common to use LDAP as a common log in solution that provides access to several services. Rieber believes that businesses of a certain size need more than AD/LDAP to ensure good IAM.

Beyond AD and LDAP, solid processes and effective tools are essential. Maintaining comprehensive control over identity is key, as it dictates the user's access to information and systems. The risk of unauthorized individuals exploiting access to a user identity can potentially lead to security threats such as ransomware attacks, where files and systems can be compromised, says Rieber.

IAM increases productivity

The security expert emphasizes that IAM, the processes for controlling identity and managing access, must not become so cumbersome that shortcuts are created, shadow IT, and so on. Rieber points out that good IAM both increases the level of security and is also a "business enabler", which makes it easier to collaborate, support growth, make acquisitions, sell off parts of the business, and more. He explains:

Effective IAM ensures swift and secure access for new employees, enabling them to promptly utilize the necessary systems and solutions for their roles. This principle extends to both partners and employees, where IAM guarantees access only to essential services and information for a specified duration. Correct IAM processes make the business both more productive and safeguard IT security.

Rieber emphasizes the significance of solid IAM solutions, particularly during company acquisitions, merger processes, or business separations (carve-outs). IAM plays an important role in quickly granting new employees access to central business systems, services, and collaborative tools, while ensuring that departing employees lose their access promptly, aligning with the needs of organizational changes.

Cybercrime is the world's third-largest economy

According to the World Economic Forum, cybercrime ranks as the world's third-largest economy with an annual turnover of 5.2 trillion dollars. This places it behind only the economies of the United States and China, surpassing even Japan, the fourth-largest economy, with a value of $4.4 trillion. The reality is that cybercrime proves lucrative, with minimal risk for criminals. Investigating and penalizing criminal hackers is challenging due to the fragmented nature of the crime, involving numerous people often situated far from the companies they target.

At first glance, the digital globalization of recent decades has led to many common denominators across the security domain. Threat actors operate globally and can hit businesses anywhere. Zero-day vulnerabilities are spreading fast across the globe. Hacking software and recipes are shared in global online forums along with login credentials, and more. In addition, wars and political conflicts lead to cyber threats from countries that want to attack the enemy.

For an IT strategy to successfully permeate the entire organization, the IT security manager must set an example. Acknowledging individual differences is crucial, as attempting to impose a one-size-fits-all template with cumbersome solutions often leads to individuals resorting to shortcuts, thereby exposing the business to unacceptable security risks, Rieber emphasizes.


Discuss this post

Recommended posts

As the curtains have closed on the Gartner IAM Summit 2024, it’s time to reflect on the insights and discussions contributed by 971 participants (give and take a few), in or in between the 105 sessions, workshops and round tables, and the 43 vendor exhibitions, all centered around the rapidly evolving field of Identity and Access Management (IAM).
How do you ensure IT security in large and complex companies? Add mergers, acquisitions, and carve-outs to the mix, alongside business-critical services that demand nearly 100% uptime and operations spanning multiple countries. The key lies in IAM, or Identity & Access Management, according to security expert Andreas Rieber.
We hear about it in the news all too often. Ransomware hitting IaaS and PaaS platforms that in turn paralyze digital commerce businesses by stealing customer data. This type of event can have disastrous effects on your operations as well as customers' trust. But there are ways to protect your business.
With the rise of personalized e-commerce new security threats occur, affecting trustworthiness among consumers, and ultimately, your profitability. Knowing how to strengthen your brand and why digital identity is key has becomecritical.
Cloud security threats are becoming increasingly complex, with new challenges emerging daily. The transition to a fully digital environment has brought with it added cybersecurity risks, which is why understanding the importance of cloud security is vital in keeping your organization safe.
right-arrow share search phone phone-filled menu filter envelope envelope-filled close checkmark caret-down arrow-up arrow-right arrow-left arrow-down