Hot Topics - Privacy

Privacy

The concept of privacy is a largely Western construct.   In many regions, particularly in Asia, the concept of an individual’s privacy is not well understood.  Even within the Westernised countries, predominately Europe and North America, there is wide divergence between the level of individual privacy and the tolerance of its violation.

Maintaining the privacy and protection of the personal information of employees, contractors, business partners and customers is a real management issue for all organisations.  The increase in identity theft is also a concern for all organisations.  Laws and regulations increasingly place requirements on businesses for the protection of personal data.  A myriad of laws and regulations address privacy concerns and the collection, use, disclosure, and disposal of personally identifiable information.

This is of particular concern in Australia, with the Australian Privacy Amendment Act commencing 12 March 2014.  Failure to prepare for the provisions of this act will result in an unplanned, knee-jerk reaction to a violation.  A better approach is to include privacy in your organisation’s identity management architecture.

Hot Topics - Cloud Identity

Cloud Identity

Managing identity in the cloud is not for the faint-hearted.  There are several aspects of identity management that must be considered:

- Outbound Employee access – this is the core feature that must be provided.  Staff need access to both on-premise and cloud-based applications, and single sign-on is expected.  This should ideally be provided from a single identity repository (not one on-premise and another in-the-cloud) and via multi-tenanted infrastructure.

- Employee as-a-service – once the infrastructure is in place, staff should then be able to use their validated identity service for other things.  It is a small stretch to offer an OpenID service to allow staff to access other SaaS applications.

- Partner Access – it is now common for companies to provide authenticated access to their systems for business partners.  This makes a lot of sense since it reduces the cost of managing partner access to business applications.

- Consumer access – authenticating access for consumers is becoming increasingly beneficial for many organisations.  It means that a tailored service can be offered to members of the public, significantly improving their on-line experience and increasing the “stickiness” of the consumer relationship.

Mobility

Do you have central policy administration covering all remote devices?
Are you protocol compliant?
Can you remotely manage company data on personal devices?

Let us assist in developing and deploying a coherent and planned remote device management environment.

Hot Topics - Access Governance

Access Governance

It is astounding how many companies fail to exploit the governance capabilities of their IAM infrastructure and don’t provide the basic governance tools that their managers need to do their jobs.  Few managers get a regular report on the access permissions that their staff enjoy.  It is therefore impossible to hold them accountable for inappropriate system access by their subordinates.

Governance is a crucial part of your authentication and access control services.  You should not deploy these services without adequate governance offerings.   Basic governance should include attestation reports to managers showing the access permissions of their staff.  It is not possible to hold managers accountable for access violations if they are not provided with the appropriate tools.  If managers are not held accountable for such violations – then who?

Ideally governance should be policy based.  A central policy administration unit should implement access controls established on a cross-company basis.  Policies should be entered into the system via an intuitive GUI and should be applied to the complete web-services environment.  This should include establishing policy for separation-of-duties and monitoring for events such as out-of-hours access to company documentation.

A business intelligence component should also be included in the access control environment.  Logins by time-of-day, failed logins and any alarm of a persistent nature should be sent to the Executive Dashboard.

Privacy

Do you have a published privacy policy?
Can you satisfy requests from your staff, or public, for access to identity information?
Are you compliant with the Australian Privacy Amendment Act commencing 12 March 2014?

Let us help you develop and implement a robust and cost-effective solution to ensuring identity information is kept private.