Identity and access management – where data security starts says dormakaba
Identity and access management (IAM) has become engrained into the South African corporate mindset – so much so, that it is now considered instrumental in the overall business security strategy.
So says Paul Chari, Principal Consultant EDC Solutions at dormakaba, a leading provider of cutting edge security and access control technology.
The company is among the top three global firms competing for market share within commercial access control and recently made its world-renowned Self Boarding Gates (SBG) and Boarding Pass Control (BPC) solutions available in Ghana, Kenya and South Africa.
Chari says the main driver behind business adoption of IAM tools and solutions is compliance with key regulation like the PoPI Act, as well as adherence with global standards governed by the GDPR legislation and the need to facilitate and safeguard trade where sensitive information has to be exchanged.
IAM s used to protect IP he adds.
But what of the insider threat to organisations? which IT security experts agree remains a prevalent danger to all businesses.
“This is the most vulnerable point of any company. Using IAM to make information accessible only to those who need it or for whom it is relevant eliminates potential damage and risk,” says Chari.
The issue of access to a corporate network or system is a regular feature in discussion about hot topics including AI, IOT, cloud services, analytics and machine learning – not least the increasing influence of mobility in the workplace.
“The fact is that there are circumstances in which a business should deny access to a user, even one who has access privileges. These circumstances include where there is evidence of irregular activity, where process is not followed or where a user freely shares or requests user keys/ passwords,” says Chari.
The business security market has evolved and access control is no longer an after-thought Chari continues. For example, encryption is used to ensure that information illicitly accessed is not immediately usable and the same goes for data that is inadvertently accessed.
“There is a huge emphasis on data security at the moment with the impact of cyber-attacks on business, the need to keep data safe and controlled is apparent. Access control manages points of entry – be they physical or digital. It allows discrimination of individuals to physical points where storage equipment is kept or electronically, what subsets of information can be seen. Access control is therefore a natural fit allowing transparency of who has access where,” he says.
According to the dormakaba consultant, while all businesses need access control, transaction-based businesses need it the most.
Although staff participation and buy-in remains a challenge, access control (like the doors to a business) is the starting point Chari adds.