Access Management: The key to IT security in large organizations
How do you ensure IT security in large and complex companies? Add mergers, acquisitions, and carve-outs to the mix, alongside business-critical services that demand nearly 100% uptime and operations spanning multiple countries. The key lies in IAM, or Identity & Access Management, according to security expert Andreas Rieber.
When a business reaches a certain size and operates across various IT environments, IT security quickly becomes a daunting task. It’s particularly challenging during mergers and acquisitions, stresses Andreas Rieber, Executive Director of Cyber & Security at KPMG (left).
With over two decades of experience in IT and cybersecurity, Rieber embarked on his career at the National Security Authority before serving as Chief Information Security Officer (CISO) for Nets Group and Chief Security Officer (CSO) for MasterCard Payment Services. He's currently the cybersecurity director at KPMG.
Acquisitions and mergers introduce a mix of IT environments. This can range from mainframes and Unix to office support systems like Microsoft Office, web services, apps facing customers, and business-critical systems where certain users have privileged access, Rieber explains.
He highlights the critical role of Identity & Access Management (IAM) in securing IT systems, preventing data leaks, and thwarting cybercriminals.
– In recent years, many companies have recognized the growing importance of IAM. It's increasingly becoming a part of business processes as more and more operational processes go digital,” says Rieber.
Given the complexity and sprawling nature of identity and access management, Rieber recommends partnering with an IT security expert. He notes that even larger companies struggle to amass enough personnel and expertise in IT security.
IAM and Cybersecurity
Columbus, previously known as ICY Security, boasts a long-standing client relationship with Rieber from his tenure at previous companies. Today, security is an integral part of Columbus's offerings, blending cybersecurity and IAM to forge robust security platforms for their clients.
– As a security partner, we can fully leverage our expertise. We have a vast professional community and work with various companies, environments, cultures, and threat scenarios. This diversity enriches our experience and knowledge, something a single company's security department might find challenging to achieve, says Per Samuelsen, Director of Security at Columbus.
He emphasizes that a strong partnership with clients is the key to success. – While we're experts in technology and processes, we don’t know each organization inside out. That's why we're heavily involved at the beginning. Over time, the client takes on more of the security work. We understand the industries we serve and the specific threats they face, Samuelsen states.
Columbus's expertise includes Identity Security/Identity & Access Management, threat assessments, review and evaluation of IT security solutions, and cloud and infrastructure security. Specializing in sectors such as finance, retail, distribution, manufacturing, and life sciences, Columbus has a deep understanding of the threats and security solutions relevant to these industries.
IAM as the Foundation of IT Security
The foundation of IT security is managing and controlling identities and access. With so many business processes digitized, IAM becomes crucial. It involves managing access for numerous individuals to various processes, as well as systems, machines, and robots, says Samuelsen.
Columbus points out that IAM not only offers protection but also enables companies to boost productivity. – IAM ensures that new hires quickly and securely access the systems and solutions they need to perform their jobs. This also applies to partners and contractors, granting them access to the necessary services and information for a limited period. Proper IAM processes make a business more efficient while maintaining IT security.
Good IAM solutions are particularly critical during company acquisitions, merger processes, or carve-outs. IAM ensures new employees gain quick access to key business systems, services, and collaboration solutions, while those no longer with the company lose their access. Security expert Samuelsen adds that businesses undergoing organizational changes are particularly vulnerable to cyberattacks.We increasingly see actors targeting a specific industry, sector, or company. They aim to obtain specific data, information, or systems and often target individuals associated with the business or industry. This underscores the importance of having robust security solutions in place,” emphasizes Per Samuelsen of Columbus.
Columbus offers the following services within Identity Security/IAM:
Consulting
Identity Governance & Administration
Access Management
Customer Identity Access Management
Privileged Access Management
Endpoint Protection Management