The Ongoing Evolution of Identity and Access Management

ARTICLE | May 30, 2024

Authored by RSM US LLP

Cybersecurity remains a chief concern for middle market companies, and the battle against cybercriminals shows no signs of slowing. Hackers will take advantage of any vulnerability they can find to breach a network, and history has shown that accounts and systems secured by passwords are inherently at risk. Instead, proactive companies are focusing on passwordless digital identity strategies, with identity and access management (IAM) strategies at the forefront of that movement.

Many security strategies that companies commonly employ can lead directly to cybersecurity concerns. In the 2024 RSM US MMBI Cybersecurity Special Report, the leading digital identity measures among middle market companies were providing access as needed (31%), single identity access to systems such as single sign-on (24%), and disparate usernames and passwords (22%).

No method is perfect, but the first two of these strategies often require security personnel to manually commission and decommission access, which can be a challenge when companies have few internal resources and additional qualified talent can be difficult to hire and retain. Further, utilizing disparate passwords is no longer a truly effective strategy, as hackers can often guess passwords or user may write complex logins down on paper or store them in a file on their computer, creating low-hanging fruit for potential criminals.

The potential answer lies in the fourth most popular answer in the MMBI survey: Passwords are a thing of the past. While only 11% MMBI survey respondents indicated that they have gone passwordless at this point, the momentum behind these IAM strategies is growing. And for good reason.

In today’s technology environment, users, systems and devices all have their own identities, and often multiple identities, depending on what they are trying to accomplish. Unfortunately, those are difficult to harness and manage within traditional digital identity strategies.

“There are a couple of different aspects to IAM, and every company comes at it in different ways,” says Chad Wolcott, a managing director at RSM. “Ultimately, I see more organizations looking at IAM as an enabler to confidently manage those digital identities. It allows companies to manage that entry point into the organization and do it in an efficient and secure way.”

IAM enables companies to manage some very tactical security areas more effectively. For example, an effective IAM approach can help onboard people quickly so they can be productive immediately and access can be removed with they leave the organization. There are other security controls that can do that, but IAM creates a frictionless experience for employees and customers.

IAM is all about creating better user experiences within a company’s overall cybersecurity framework. From a security and access perspective, it’s the best of both worlds.

“It uses identity to help deliver an experience that empowers the user—whether that’s a customer or a member of your workforce,” says Daniel Gabriel, an RSM principal. “It’s really more of a business tool than anything else anymore.”

As companies consolidate and perform transactions, IAM can be a valuable tool to maintain security and create a consistent user experience.

“As companies buy up their competitors, you can have the same population that has different views of the organization,” says Wolcott. “If I have accounts with five different small banks and they all get acquired by a regional bank, that bank sees me as five different people. That’s not the experience I want as a customer. Using IAM to merge all that information together into a single experience is hugely powerful because then you can apply other controls on top of that to ensure everything is happening securely.”

Establishing an IAM approach is not a technology-first problem. Companies need to understand the key drivers in the organization and determine a strategy around what they want to accomplish. Use cases that need to be factored in should be detailed and then rightsized to fit the program before execution.

“Thirty percent of the identity challenge is technology,” says Wolcott. “The other 70% is the people, the process and dealing with bureaucracy. So, the best way to start is to understand what the organization’s needs are, and then build up that road map to meet those needs over time. It’s about incremental progress over delayed perfection. Do not try and do everything out of the gate—start small and build from there.”

This article was written by RSM US LLP and originally appeared on 2024-05-30.
2022 RSM US LLP. All rights reserved.
https://rsmus.com/insights/services/risk-fraud-cybersecurity/the-ongoing-evolution-of-identity-and-access-management.html

RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. The RSM(tm) brandmark is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.

Chortek is a proud member of RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.

For more information on how the Chortek can assist you, please call us at contact us.