{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
The initiatives surrounding digital transformations have accelerated the shift towards online services and have also pushed for the need to enable internal users to remotely access organisations’ systems. These technology solutions often provide backdoors for attackers to access sensitive resources and data. Additional risks are posed by unmanaged admin accounts with higher privileges over the IT network. These and other security concerns can be mitigated by implementing the capabilities around Digital Identity.
Digital Identity combines governance, people, processes and technology to ensure compliant, effective and automated identity and access lifecycles for all entities that exist within an organisation’s systems. Digital Identity deals with all types of entities, i.e., a person – natural or legal – or a machine. For these entities it provides secure authentication mechanisms across an organisation’s IT systems.
The term “Digital Identity” describes both
The disciplines of Digital Identity play a fundamental role in securing any organisation from external and internal compromise.
Simply put, the purpose of IAM is to ensure that the right people get the right access to the right resources at the right time for the right reason, enabling the right (business) outcome.
IGA focuses on the policy framework, tools and processes to manage access rights for individuals within an organisation automatically. IGA and IAM work closely together to ensure secure access to data, systems and applications.
More specifically, PAM is the practice of securely managing highly privileged account (HPA) access for humans and non-humans to sensitive information or functionalities. It deals with the creation, modification and removal of HPAs, as well as logging, monitoring, auditing and certifying privileged access and reporting violations.
The practice of Digital Identity starts on a strategic level, and deals with capabilities surrounding the overall strategy and planning while also considering the organisational culture and people. The requirements set and the insights gained on a strategic level need to be specified on a tactical level. Here, policies, standards and auditing capabilities need to be described and rolled out in the organisation. All these previously defined actions and working results on a strategic and tactical level support the definition of specifications on the operational level for aspects such as the identity lifecycle or access management as well as the operational enforcement.
Enhanced security is only one advantage of adopting Digital Identity processes. It goes hand in hand with ensuring regulatory compliance – managing identities and access to resources is required by various information security regulations and standards (e.g. the upcoming ISG law, FINMA, NIST CSF, ISO 27001 etc.). For instance, Digital Identity is one of the means to ensuring data security, a requirement imposed by the New Federal Act on Data Protection and the GDPR.
Digital Identity also brings a better user and customer experience through authentication technologies such as single sign-on or passwordless solutions. Automated IAM processes introduce a reduction in IT service costs while simultaneously bringing better transparency and enabling better control over users and data they can access.
In order to implement an effective Digital Identity practice into your organisation, it is necessary to consider four key areas:
Digital Identity encompasses numerous complex processes, which all require a good knowledge of all components and a close coordination of resources, activities, and people. We at PwC Switzerland have the know-how and experience to support you in any part of your journey to develop effective IAM and PAM systems.
Our approach is based on three main pillars:
Accelerated digitalisation, an increase in online commerce and remote working – these and other aspects of modern business make the management of processes even more challenging while also widening the attack surface. A secure and efficient management of identities, accounts and access is one of the basic requirements of any information and IT security standard or regulation, and therefore should be addressed with care.
However, you don’t have to face this challenge on your own. We have the specialists who can help to make sure you implement effective IAM and PAM solutions that will ensure your organisation protects both your own data as well as that of your customers. That way, you avoid financial sanctions, mitigate the damage caused by a potential data breach and most importantly build trust in your business.
1 IGA and IAM are often used similarly. For the purpose of simplification, IGA and IAM are used synonymously in this blog post.
#social#
Please reach out to us if you’re interested in learning more about how we can help to make sure you implement effective IAM and PAM solutions to ensure you let in the right people in an effective and secure manner, and keep everyone else out.
https://pages.pwc.ch/core-contact-page?form_id=7014L000000IIbfQAG&embed=true&lang=en