Identity, access management key to protect data

Identity and access management (IAM) has become imperative for organisations, with analysts estimating that around 60 per cent of the total information security threats faced by an organisation being internal, according to Rajendra P Dhavale, consulting director (technology services), Computer Associates.

IAM involves administering solutions like user authentication, access rights, passwords and account profiles so that organisations can facilitate and control the user's access to critical online applications and protect confidential data from unauthorised users.

Addressing the media, Dhavale said that IAM was required because of various issues like 'ghost user accounts', role changes and auditor's requirements apart from intrusion and attack prevention.

"Ghost user accounts refer to those instances when former employees of a company continue having access to some systems of the company even after they have left it. These can be a threat to security," he added.

"Federation, which is a mechanism for seamless application access across the Internet, also depends on IAM," Dhavale said, adding that, therefore, security was a driver for e-business as well.

According to estimates, without proper IAM, associated costs can rise to over $600 per user/year thus implying that the cost of neglecting IAM can be high, Dhavale said.