April 14, 2016

Which hat do you wear today?

Markus Melin

Head of Tieto Security Services, Tieto

Tomi Behm

Lead Security Services Product Manager, Tieto

To achieve security in the age of hybrid business, you need to manage users' identities effectively across system and enterprise boundaries.

Identities are like hats. You choose your headwear according to the temperature (a warm beanie, thanks, for Finland), the situation (a team cap for an ice hockey game is a must), or just the mood (today, I feel like putting on my Captain’s Hat).

When speaking about security, identities signify the usage rights we have to our organization’s systems and services – people wear different hats depending on their roles. For example, an HR specialist has access to everyone’s employment data, whereas a systems engineer has no business seeing information about the salary of the colleague in the next cubicle.

It’s easy to keep hats well organized, but identity management is a giant headache for the IT department. People leave jobs and change positions, new people get hired, and identities should adapt instantly to the new situations. Otherwise, there is a great risk that the wrong people gain access to information that does not belong to them, or that an employee gets frustrated when he/she cannot access the information needed to do the job well. It’s also much easier to steal an electronic identity than a real-life one.

We’re all hybrids

Modern work is hybrid. There are no borders between departments or even companies. Work is flexible, and things are done in a way that is beneficial to the whole. Project teams change often, so it is only sensible to also give partners outside the company temporary access rights to corporate systems. Even though there are risks involved, the benefits clearly outweigh the disadvantages.

If identity management is already difficult in the organisation’s own closed environment, one can only imagine what kind of hassle arises when we add mobile devices and public cloud services to the equation.

No wonder CIOs have trouble sleeping at night. How can a CIO be sure that an industrial spy hasn’t stolen a contractor’s mobile phone to sneak in and steal business-critical information? Or that a dismissed worker doesn’t wreak havoc in the system before you’ve had time to revoke access rights?

The intent isn’t always malicious, either. Sometimes a clueless user can unintentionally do more damage than a hacker who tries to break into your system.

How to give the CIO a good night’s sleep?

Fortunately, it is possible to prepare for crises and solve even the most difficult security problems. This requires an active approach to the management of user identities during their entire digital life cycle, as well as tools that can handle identity and access management in complex hybrid environments.

It is of utmost importance that the person who is responsible for the organisation’s security has a real-time view of network traffic, so that he/she is able to detect anomalies quickly before things get out of hand.

Good tools are just one side of the equation. The organization’s processes and practices also have to be rethought from the ground up to support the desired level of security. For example, research by consulting firm PwC showed that less than one half of the companies had made any plans to cope with possible internal security threats.

A good starting point is to educate users to detect threats and take personal responsibility for security. In addition, the access rights must be transparent and allow access only to resources that are absolutely needed to get the job done.

When the roles and identities are in place, the organisation is able to tackle and even avoid security crises. The CIO or security manager will sleep better and – as an additional bonus – have more time to support the actual business.

Our intention at Tieto is to give you the tools to create and enforce effective authentication and authorisation rules, as well as manage users across system and enterprise boundaries. As an example, Tieto Security Wall brings unprecedented transparency to the organization’s security posture by correlating information and allowing identity profiling across multiple security systems.

This way, you’ll be able to achieve security in an age of hybrid people, hybrid communities, and hybrid business.

Read more about how Tieto can help to protect your organization.
