IAM strategy: Update to work with new technologies

Identity and access management might sound like a familiar, well-trodden process for most security professionals, but every IAM strategy could use some close inspection and an update. The challenge here, with a deeply entrenched and widely encompassing IAM strategy, is where is a good place to start making changes?

In this podcast, CEO and founder of Nemertes Research Johna Till Johnson discusses the seven steps security professionals should take to determine the ability of their organization's existing IAM strategy to meet its current and future needs, whether or not there are changes or additions that should be considered, and how to go about finding the appropriate vendors and tools for the job. Johnson notes that this is an opportune time for enterprises to review and refresh their IAM strategies, as there are many new technologies and delivery mechanisms that companies are deploying, which need to be compatible with their infrastructure and plans.

Listen in to hear Johnson's suggestions on how to tackle refreshing an IAM strategy that might have to account for employees using mobile devices and BYOD policies, services and workloads that have migrated to the cloud, and the exploration of virtualization, VDI and software-defined everything.

Johnson begins down at the policy level, where an organization's roles and the corresponding permissions, as well as protection mechanisms, are defined. A company's IAM strategy and policy may be outdated or aging rapidly in the face of either current industry advances or just shifts within the individual organization. She follows with steps that include updating directories and reviewing realms of protection. Johnson also explores how security professionals can build a list of selection criteria, which can help inform their decision whether to augment their IAM strategy, and how.

Listen to Johna Johnson's podcast about the steps to making IAM strategy updates and the considerations that should be taken.