This content is part of the Security School: Making updates to your IAM framework

Security School

Browse Sections
Get started Bring yourself up to speed with our introductory content.

IAM strategy: Update to work with new technologies

Your organization needs to make decisions about its IAM strategy in order to keep up with the new technologies its deploying. Steps to take begin at the policy level.

Identity and access management might sound like a familiar, well-trodden process for most security professionals, but every IAM strategy could use some close inspection and an update. The challenge here, with a deeply entrenched and widely encompassing IAM strategy, is where is a good place to start making changes?

In this podcast, CEO and founder of Nemertes Research Johna Till Johnson discusses the seven steps security professionals should take to determine the ability of their organization's existing IAM strategy to meet its current and future needs, whether or not there are changes or additions that should be considered, and how to go about finding the appropriate vendors and tools for the job. Johnson notes that this is an opportune time for enterprises to review and refresh their IAM strategies, as there are many new technologies and delivery mechanisms that companies are deploying, which need to be compatible with their infrastructure and plans.

Listen in to hear Johnson's suggestions on how to tackle refreshing an IAM strategy that might have to account for employees using mobile devices and BYOD policies, services and workloads that have migrated to the cloud, and the exploration of virtualization, VDI and software-defined everything.

Johnson begins down at the policy level, where an organization's roles and the corresponding permissions, as well as protection mechanisms, are defined. A company's IAM strategy and policy may be outdated or aging rapidly in the face of either current industry advances or just shifts within the individual organization. She follows with steps that include updating directories and reviewing realms of protection. Johnson also explores how security professionals can build a list of selection criteria, which can help inform their decision whether to augment their IAM strategy, and how.

Listen to Johna Johnson's podcast about the steps to making IAM strategy updates and the considerations that should be taken.

Next Steps

Find out how using open source identity management software can benefit your organization

Discover how centralized IAM enabled Deutsche Bank's digital transformation

Learn the best practices for groups and roles in Amazon Web Services IAM

This was last published in May 2016

Dig Deeper on Password management and policy