Hard to imagine right now but cast your mind back to the not-so-distant past when everything was normal, or at least what we assumed was normal which, by the way, may not be normal in the future.
Now let’s look at the role of the CISO, not the day-to-day but the overarching role. A good CISO will lead the charge in modernising the technical element of the business. There are lots of stakeholders involved – employees, customers, contractors, suppliers – all of whom have a vested interest in the technical evolution of the business and their demands and requirements must be listened to and acted upon.
But that’s not all they do. There will be constant demands from on high to reduce operational costs and improve cybersecurity.
How on earth do you go about improving the productivity of the company’s myriad stakeholders and making your systems more secure but reducing operational costs at the same time?
That’s the $64m question.
One for which the brilliantly-named Remy Champion, Campaign Manager at Okta, has the answer.
However, according to Deloitte’s 2017 CIO survey of over 1,200 tech leaders in 23 industry segments in almost 50 countries, there are large gaps between IT capabilities and business expectations…
- 57% say they are expected to help with innovation and developing new products and services
- 70% said they are expected to lower operational costs while improving service levels to drive business performance
- 67% of CIOs reported that the leaders expect them to reduce IT costs and drive efficiency, while 66% stated they are also expected to maintain the same or better availability and performance of IT systems
And the clincher? The report says that 61% of CISOs identify cybersecurity as a core expectation, but only 10% report that cybersecurity and IT risk management are a top business priority.
Let’s just let that sink in for a moment. Only 1 in 10 report that cybersecurity is a top business priority. Presumably the head honchos are more concerned about selling stuff they make than protecting stuff they have. But once the stuff they have that isn’t protected has been stolen, they won’t be able to sell any of the stuff they make.
Wow. OK, let’s move on.
The Real Struggle
While CISOs are expected to drive efficiencies, two additional factors come into play. First, the stakeholders we mentioned above – staff, contractors, suppliers and customers – have all become accustomed to the agile, cloud-based applications that are accessible from anywhere there’s an internet connection. Second, the transition from legacy, on-premises technology into the cloud is a slow one.
There’s more bad news but we’ll get to the good news shortly. Please bear with…
So, because the transition is slow, a lot of companies are opting for a hybrid environment, whereby some applications and systems are cloud-based, and some remain on-premises. It’s fine in theory but it makes the vital job of managing user access harder.
Remy Champion says that the rise in difficulty of managing user access is ‘because the growing number of enterprise applications means that users have to be granted access to various tools in order to do their jobs. On top of that, users can now access systems from multiple locations and devices that aren’t owned or controlled by the organisation. In order to effectively deliver on this task and still meet the expectations of the broader executive team, CIOs need to incorporate a robust lifecycle management process.’
Legacy Processes = Human Error
The employee lifecycle is shorter than it used to be. Attrition rates are higher and the talent is moving around quicker than ever before so getting a hold on the applications people need and their access levels is difficult because of the amount of coming and going. It gets harder still when dealing with the variety of access required for that list of stakeholders we keep talking about.
In a lot of companies, this constant change is handled somewhat mechanically using spreadsheets, email and support tickets but of course this throws up its own issues, namely the propensity for human error.
Not only does this slow down the process of employees getting the right access for the right apps, there is also the real danger of the information ending up in the hands of someone it shouldn’t. Manual lifecycle management can also lead to delays in offboarding users, so employees that are no longer employees still have access.
If you’re in a regulated industry this can, at best, leave you out of compliance and at worst, vulnerable to attack from a disgruntled employee.
Moving fully into the cloud has its advantages – of that there is no doubt – but it also makes the lifecycle management process even more complex (we said there will be good news coming so please, just another few seconds) as there are more and more applications, devices and locations for IT to manage. Most are not set up to handle this transition.
But Wait! Here, Finally, Is The Good News!
The way to address these (often seemingly insurmountable) user lifecycle problems is by turning to the world of automated solutions, and the benefits are as clear as day.
…lower the complexity of managing separate, varied provisioning and authentication policies spanning both cloud and physical resources.
maintain the lifecycle of a user from the moment they arrive through any number of role changes and promotions right up until they leave.
In other words, it answers the question we posed at the top of the page – How on earth do you go about improving the productivity of the company’s myriad stakeholders and making your systems more secure but reducing operational costs at the same time?
A little more detail as to how?
Sure, OK then.
Let’s take Okta’s Lifecycle Management software. A very quick look at the website gives CISOs all the information they need –
- 30 minutes saved on every application provisioning request
- 30 minutes on determining and configuring groups and entitlements
- $20 (£16) per user saved in preparing for annual audits
There’s more of course but right there you’re saving time and money while keeping your critical business data more secure.
By using a policy-driven, automated and contextual approach to lifecycle management that can cope with access provisioning for an expanding organisation with internal and external users, it gives your IT department a range of tools to enhance their identity management processes, including:
- A centralised view into which users have access to which resources
- Built-in best practices that ensure IT automation, as well as a frictionless and intuitive user experience
- Extensibility to any application on any device
- One source of truth for users, groups, and devices
- The ability to create self-service flows for access requests that bypass the IT helpdesk
As businesses finally make their way into the cloud they can at the same time optimise their IT performance in managing identities which frees up valuable time for their 9-5.
Where Are The Wins?
By using automated lifecycle management tools such as Okta’s offering, CISOs can reduce both complexities and costs and at the same time enhance security by, amongst other things, automatically offboarding employees.
For the CISO it meets the goal of lowering operational costs while improving service levels and from a broader standpoint, as enterprise cloud adoption continues to gain momentum, businesses need to be able to securely embrace the cloud by mitigating the emerging risks from identity attacks.
Contact us today on firstname.lastname@example.org or call 020 7078 0789 and we’ll talk cloud and email security, communications platforms, cutting-edge IT solutions or whether you think the Premier League season will be a) played to a finish, regardless of how long it takes, or b) deemed null and void, depriving Liverpool of what would have been the most sensational season in history.