<img src="https://secure.leadforensics.com/133892.png" alt="" style="display:none;">

In an era of widespread digitization, companies are vulnerable to criminal activities that can jeopardize businesses of all sizes anywhere and at any time. Addressing this threat, Identity Access Management (IAM) can safeguard enterprises and strengthen their path to achieving growth and business goals, says security expert Andreas Rieber.

With over 20 years of expertise in IT and cybersecurity, Andreas Rieber is far from a newcomer. Starting his career at the National Security Agency (NSM) in Norway, he worked as the Chief Information Security Officer (CISO) at Nets Group for ten years and later assumed the role of Chief Security Officer (CSO) at MasterCard Payment Services. Currently, he holds the position of Executive Director, Cyber & Security, at KPMG in Norway. He has been a long-term customer with Security in Columbus (former ICY Security) during his former employments.

As an IT security officer, you must deal with global threats, but IT security expert Andreas Rieber at KPMG believes that the general security discussion is characterized by too much hype.

Focus on local, relevant threats

There is a constant outcry of "wolf! wolf!" and ongoing apprehensions about hacking. I want to see a perspective shift. IT security should seamlessly integrate into the entire business. This holistic approach not only safeguards the enterprise but also plays a key role in facilitating business operations, aligning with specific business areas, and realizing overall company goals. I advise IT security managers to focus on relevance to their own company rather than generic warnings, says Rieber.

Rather than exclusively contemplating the threat landscape on a global, overarching scale, Rieber advises companies to shift their focus to individual, local considerations, and to factors specifically relevant to their own business.

Insufficient understanding of the company's operations among some security professionals may lead to uncertainties in prioritizing time and resources, potentially overlooking the most pertinent challenges and security solutions, warns Rieber.

Four key security questions

He highlights some important questions IT security managers should answer:

  • What is unique to the industry and the market where the company operates?
  • What is the cost of downtime?
  • What is the most important IP (intellectual property)?
  • What information and data must not go astray?

Rieber advocates for the development of a thorough and customized security strategy and plan, grounded in the unique needs and characteristics of the company.

The security strategy should meticulously factor in external conditions impacting the company, such as competitors, geopolitical conflicts, technological innovation, and vulnerabilities in new technologies. Addressing the unique aspects of the business is crucial, involving considerations like partners, the value chain, culture, and regulatory frameworks, underscores Rieber, further emphasizing:

Additionally, assessments should be conducted to gauge the company's vulnerability to current threats, evaluate compliance with relevant laws and regulations, assess the security of the company's systems and technology, and analyze past security incidents, recommends Rieber.

The security expert emphasizes that the security strategy must not be put in a drawer but form the foundation for a security culture that permeates the business. The strategy should address how the business:

  • Protects itself
  • Detects threats and intrusions
  • Responds to events
  • Restores information, data, and systems

IAM is the foundation for IT security

The foundation for IT security is to control and manage identities and access, known as Identity Access Management (IAM). All companies must have control over the identity and access of users from the time they are created until they are no longer part of the business, i.e. throughout the entire life cycle, says Andreas Rieber.

Many people are familiar with logging in through the access management systems AD (Active Directory) and LDAP (Lightweight Directory Access Protocol). AD is Microsoft's directory service for managing users, user rights, and resource control, while it is common to use LDAP as a common log in solution that provides access to several services. Rieber believes that businesses of a certain size need more than AD/LDAP to ensure good IAM.

Beyond AD and LDAP, solid processes and effective tools are essential. Maintaining comprehensive control over identity is key, as it dictates the user's access to information and systems. The risk of unauthorized individuals exploiting access to a user identity can potentially lead to security threats such as ransomware attacks, where files and systems can be compromised, says Rieber.

IAM increases productivity

The security expert emphasizes that IAM, the processes for controlling identity and managing access, must not become so cumbersome that shortcuts are created, shadow IT, and so on. Rieber points out that good IAM both increases the level of security and is also a "business enabler", which makes it easier to collaborate, support growth, make acquisitions, sell off parts of the business, and more. He explains:

Effective IAM ensures swift and secure access for new employees, enabling them to promptly utilize the necessary systems and solutions for their roles. This principle extends to both partners and employees, where IAM guarantees access only to essential services and information for a specified duration. Correct IAM processes make the business both more productive and safeguard IT security.

Rieber emphasizes the significance of solid IAM solutions, particularly during company acquisitions, merger processes, or business separations (carve-outs). IAM plays an important role in quickly granting new employees access to central business systems, services, and collaborative tools, while ensuring that departing employees lose their access promptly, aligning with the needs of organizational changes.

Cybercrime is the world's third-largest economy

According to the World Economic Forum, cybercrime ranks as the world's third-largest economy with an annual turnover of 5.2 trillion dollars. This places it behind only the economies of the United States and China, surpassing even Japan, the fourth-largest economy, with a value of $4.4 trillion. The reality is that cybercrime proves lucrative, with minimal risk for criminals. Investigating and penalizing criminal hackers is challenging due to the fragmented nature of the crime, involving numerous people often situated far from the companies they target.

At first glance, the digital globalization of recent decades has led to many common denominators across the security domain. Threat actors operate globally and can hit businesses anywhere. Zero-day vulnerabilities are spreading fast across the globe. Hacking software and recipes are shared in global online forums along with login credentials, and more. In addition, wars and political conflicts lead to cyber threats from countries that want to attack the enemy.

For an IT strategy to successfully permeate the entire organization, the IT security manager must set an example. Acknowledging individual differences is crucial, as attempting to impose a one-size-fits-all template with cumbersome solutions often leads to individuals resorting to shortcuts, thereby exposing the business to unacceptable security risks, Rieber emphasizes.

Topics

Discuss this post

Recommended posts

As manufacturers increasingly adopt smart practices to remain competitive, cybersecurity emerges as a critical concern. The recent findings from the IBM X-Force Threat Intelligence Index report highlighted the severity of the issue, ranking manufacturing as the top attacked industryfor the third consecutive year. This highlights the urgent need for manufacturers to reassess their cybersecurity strategies and implement robust measures to safeguard their operations.
Every business sector knows the impact of customer churn—how the steady stream of departing customers can erode profits and destabilize even the most robust revenue streams. But what if there was a way to gain insights into the future, to anticipate and alleviate this risk to your business's financial success?
Achieving customer satisfaction is not just about speed; it has to be in combination with effective problem solving and personalization. This is where generative AI chatbots come into play, cutting-edge tools that transform customer service organizations and processes. By integrating them into service strategies, companies can not only boost customer satisfaction, but also increase operational efficiency and reduce costs.
As the curtains have closed on the Gartner IAM Summit 2024, it’s time to reflect on the insights and discussions contributed by 971 participants (give and take a few), in or in between the 105 sessions, workshops and round tables, and the 43 vendor exhibitions, all centered around the rapidly evolving field of Identity and Access Management (IAM).
How do you ensure IT security in large and complex companies? Add mergers, acquisitions, and carve-outs to the mix, alongside business-critical services that demand nearly 100% uptime and operations spanning multiple countries. The key lies in IAM, or Identity & Access Management, according to security expert Andreas Rieber.
right-arrow share search phone phone-filled menu filter envelope envelope-filled close checkmark caret-down arrow-up arrow-right arrow-left arrow-down