I’m here in National Harbor, Maryland at the Gartner Security and Risk Summit. One of the advantages of sponsoring the event is the opportunity to do what Gartner calls a “Solution Provider Session”. Most sponsors use their allotted time to pitch their solutions – that’s why we’re here, isn’t it, to sell some stuff? But we’ve always chosen to use our session to provide some real-world perspective on the difficulties of identity and access management. So we invite a few of our customers to talk about their IAM journey, and hopefully expose the rest of the audience to the success they’ve had with One Identity solutions.
Today, John Milburn, the VP and GM of Identity and Access Management, led a panel discussion that included three customers. The title of the session was “When Security Quits Standing in the Way of Agility: Stories from the IAM Trenches”. After the obligatory, “IAM is hard but we can make it not so difficult”, John turned the time over to the IAM project leads at Asurion, Bechtel, and Charles River Labs to tell their stories, including the scope of their project, the process they went through to choose a solution, and the results (both positive and negative as well as apparent and hidden) of their project.
Each came from a different place in their IAM journey, and each addressed different pains in different ways, but they all had valuable advice for anyone willing to listen.
Cory Plastek, Identity and Access Management engineer at Asurion, mentioned a few valuable points:
Tom Lawson, identity and access engineering manager at Bechtel, talked in depth about the dangers of toxic combinations of entitlements and the challenges of IAM when contractors enter the picture. Key pieces of advice from Tom include:
Andy Griffin, chief of information security at Charles River Labs, talked a lot about the unique challenges of integrating an enterprise IAM strategy with Office 365. He also mentioned the difficulties that a too-narrow view of compliance can create for the success of a project. Key takeaways from the Charles River Labs project include:
The common theme I heard from all three of these IAM experts was that governance cannot happen without administration being done first and done right. Be willing to put the control in the hands of the right people (or more correctly, empower the right people to be in control). And understand that garbage-in equals garbage-out, so get the data right and build from there.