While many sectors in the economy are struggling, the identity management technology industry is booming—and for good reason.
In March, as the COVID-19 crisis began to take hold in the US, we saw an almost overnight surge in remote workstations being cobbled together with little time for planning. These millions of newly remote workers still needed access to the same company systems, applications, and files. From outside of the company’s firewall, controlling secure access to these resources is a lot more challenging.
What Is Identity Management?
Identity management and its counterpart, access management—collectively known as IAM—are methods companies use to manage user authentication and authorization across the entire organization. IAM also helps these companies maintain compliance with both government regulations and corporate rules and policies.
At a very high level, identity management is the business discipline that directs user identity verification and level of access within a system. Identity management also encompasses authentication and access control, which are critical steps in securing user access.
Identity management uses attributes like name, employee ID, email address, job title, and department to designate which applications, systems, and resources each user is permitted to access within the company.
The attribute information is centrally stored and managed in an identity warehouse. Once you establish data connections between the identity warehouse and other business systems, you can either pull additional identity information (additional attributes, accounts, levels of access, etc.) or manipulate the user’s account within the system using the CRUD process (i.e., Create an account, Read the data, Update account permissions, Delete the account).
Identity and access management establishes a secure, auditable environment for setting and maintaining resource and system permissions for employees, vendors, and third parties who need authorized access, whether permanently or temporarily.
This obviously simplistic view of IAM doesn’t illustrate the full impact these systems and tools have on every corner of a business, including its bottom line.
Identity Management Affects Revenue Through Productivity
We normally think of identity management in terms of how it contributes to employee productivity and company security, and we stop there. However, when looked at through a wider lens, IAM plays a more complex role within the business. How these systems are administered can affect the company’s bottom line in both good and bad ways.
Remember the last time you started a new job? You probably spent the first few days meeting with the team, then meeting with HR, then meeting with IT, then staring at a wall waiting for lunchtime. Sure, you got paid for that time, but the company saw zero ROI.
Identity lifecycle management is challenging, including onboarding new employees, and without the right tools in place, incredibly inefficient. Automated lifecycle management software streamlines the onboarding and employee provisioning processes, so new hires are up and running sooner and contributing to revenue generation.
As we look toward the post-COVID-19 chapter of business, one thing we can be sure of is that the landscape will be a lot different. In the coming months, many companies will lay off more employees and choose not to fill vacancies in an attempt to “do more with less.” As each company navigates what this approach looks like for them, we can expect to see more people changing roles within the same organization to fill in the gaps.
Changing roles comes with its own set of IAM needs, which can negatively impact productivity. New roles mean new entitlements, which require IT time and resources to coordinate. Employee downtime plus IT resources spent equals a hit to the bottom line.
However, this is another area where automated lifecycle management tools save the day. When HR triggers a role change, the employee will be automatically provisioned for the new role and deprovisioned for their former role.
An often-overlooked source of wasted money in an organization is workflow inefficiency within the IT department. One of the biggest contributors to this inefficiency is addressing ad hoc requests.
It’s inevitable that from time to time employees need IT’s help with password recovery, fixing glitches, or getting temporary access to resources they don’t normally need. In many organizations, these types of requests are handled through tickets.
The ticketing process is cumbersome at best, but besides being a pain, dealing with these small one-off projects keeps the IT team from working on higher-value projects for the company. Instead of working strategically to meet business goals, they are putting out fires and saving cats from trees.
One solution is to use lower-level (i.e., cheaper) IT team members to handle the majority of tickets, but even that isn’t the best use of resources. A more permanent and cost-effective option is to invest in an IAM tool that streamlines some of the common ad hoc requests, like automating access delivery based on a data trigger from a business system.
For example, a new user joins a project and needs access to that project in a project management system. If they are granted access to the project in the PM system, we should also give them access to the private channel in Slack, access to the Shared Drive in Google Drive, and access to a shared email mailbox. Automating the new user’s access to all of the related accounts based on being added to the project in the PM system significantly reduced IT’s workload.
Identity Management Affects Revenue Through Security
Identity and access management is a crucial part of any successful security strategy. Many security breaches occur through individual user accounts, and with the increased reliance on BYOD (bring your own device) for remote working, strict IAM is more important than ever.
A recent survey from CrowdStrike found that 50% of respondents believe their companies are not any more likely to be hit by cybercrime as a result of COVID-19. However, CrowdStrike has seen a hundredfold increase in COVID-19-themed malicious files since February, with no indication that the frequency of attacks is slowing.
With the increase in cyber threats and the growing incidence of ransomware, establishing a secure perimeter around company data and resources is key to protecting the organization’s financial well being.
Ransomware aside, how you approach security can affect the company’s bottom line—in good and bad ways—in the course of normal operations.
Insurance isn’t exactly a sexy topic, but implementing IAM systems with robust auditing, reporting, and logging features can significantly reduce cybersecurity insurance premiums. And that’s pretty attractive to your C-suite.
Automation tools also have a role in keeping insurance costs down, because automating lifecycle management and other IAM processes removes human error and ensures your auditable tasks are accurate and up-to-date.
Compliance and Security
The other side of the security auditing coin is the financial hit your organization could take for non-compliance with regulations or in the event of a data breach. We’re talking more than regulatory fines, settlements to users whose data was exposed, and hefty legal fees.
Poor security practices leading to cyber theft or government penalties erodes customer, investor, and stakeholder confidence. When your company’s reputation takes a hit, the financial repercussions can be massive and long-lasting. Once your company has been affected by a security breach or cyber attack, you will need to invest in intensive (and expensive) ongoing security reviews to determine where your security failed, how to fix it, and how to maintain a high level of security in the future.
The ramifications of security events—especially the expensive ones—are sure to trickle down to individuals within the company in an effort to find “patient zero” in the breach. Failure on your part to adhere to strict security measures and comply with company policies is a career limiting move that is likely to affect your personal bottom line.
While many people consider identity and access management only as it relates to IT security and HR functions, the reality is IAM reaches all corners of the business. How your organization approaches identity and access management can even have a substantial effect on company revenue.
Implementing a comprehensive, scalable digital identity management platform will not only keep data, applications, and systems secure from unauthorized users, it also facilitates business processes like provisioning/deprovisioning employees and managing role changes. Automating lifecycle management tasks frees up your highly skilled (i.e., expensive) IT team to focus on supporting operations that help the company meet its business goals.