Identity is the fabric of our digital economy, and executives from the private and public sectors need to focus on managing and governing identity and access across the lines of business within their organizations, say cybersecurity leaders in a new podcast.
“As identity is increasingly woven into the enterprise value chain, it will enable innovative and secure approaches to deliver service,” says David Mapgaonker, advisory principal and identity management offering lead at Deloitte Cyber Risk Services.
Joining Mapgaonker in the discussion on identity and governance is Lauren Nalu, principal at Deloitte Cyber. She explains that identity management has emerged as a core element to strengthening cybersecurity because those vulnerabilities are often the most exploited.
She stresses the need for enterprises to develop an identity governance strategy — and not just identity and access management tools — to keep their organizations secure. Identity governance helps maintain security compliance across an organization, provides clearer guidance when threats are detected and allows for greater resiliency to recover when systems are breached, she says.
Nalu and Mapgaonker provide a number of strategies and security recommendations organizations should consider in the latest episode in a podcast series, “Cyber Everywhere,” produced by CyberScoop and underwritten by Deloitte:
Challenges to integrate identity and access management
“Digital identity is really lagging on investment and priority for a couple of reasons,” says Mapgaonker. “Cybersecurity teams must deal with legacy IT environments and the resistance to migrate to cloud-first architectures.”
He adds that “many organizations haven’t built modern systems that are API-based, orchestrated and enable easy integration with apps. So consequently, an investment into new systems and structure can be somewhat significant.”
Mapgaonker cites a recent Deloitte study which found that without an organizationwide understanding of identity, sponsorship at the executive level can be hard to attain.
Why identity governance is important
“Governance organization around identity sets the guardrails that are used to drive decisions that span multiple parts of the organization,” Nalu says.
“There are complex decisions that come about when running an identity program that span beyond your traditional IT functions; from understanding your customer personas, privacy matters, HR processes, user experience, organizational policy, among others.”
“The most successful identity programs that I’ve seen are those that are supported by decision-makers from multiple parts of the organization,” she shares.
Eight capabilities of a modern identity solution should support
Mapgaonker says that enterprise leaders should make sure their digital identity solutions include the following characteristics:
Successful enterprise identity strategies
Nalu points out that leaders can’t protect every asset in the same way.
“The key with enterprise identity is understanding what you need to protect, and then applying identity protections commensurate with the risk that’s posed by the data that you’re working with, or the business process that you’re working with, to make and get the most out of your investments,” she explains.
David Mapgaonkar is advisory principal and identity management offering lead with Deloitte Cyber Risk Services. He has more than 20 years of technology experience and currently leads the practices work in the US technology, media and telecommunications sectors. He is also deputy identity management offering leader.
Lauren Nalu is principal in Deloitte Cyber, specializing in cyber strategy and governance and helping clients be secure, vigilant and resilient in the face of mounting cyber threats.
Listen to the podcast for the full conversation on the changing nature of digital identities. You can hear more coverage of “Cyber Everywhere” on our CyberScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by CyberScoop and underwritten by Deloitte. Deloitte is formally known as Deloitte & Touche LLP, a subsidiary of Deloitte LLP. For more details, see www.deloitte.com/us/about.