While security may be an issue on the forefront of every business’ mind, as well as savvy technology users’ as well, there is far more to the issue than meets the eye, as an illuminating conversation with Phil Allen, the director of Identity and Access Management, revealed.

Indeed, it would be no understatement to call the security issue as complex as it is pervasive. The  good news for businesses is that Dell, for one, has been inexorably moving in the direction of being able to help businesses deal with the security challenges that exist.

Allen explained that, to this end, Dell’s transformation into a software and services company was strongly focused on security itself.

This, he elaborated, was evidenced by the company’s acquisitions of SecureWorks two years ago; and subsequently SonicWall, which focuses on delivering remote access security. Another particularly notable security acquisition came in the form of Quest Software, which brought identity and access management to the company’s portfolio.

From the outside, in

It is the latter capability which Allen cited as being particularly important. He continued that businesses typically tended to look at security from a threat perspective, and thus focused on protecting themselves from outside-in intrusions i.e. security breaches that come from outside of the organisation.

This, for example, was typically addressed in the mid-90s with firewalls, predominantly designed to keep people – and presumed threats – out of an organisation’s network.

Moving on

The problem, of course, is that the world has clearly moved on. Nowadays, mobility has come to the fore and employees want, and often need, to have access to their information, from anywhere and from a variety of devices.

Instead of just viewing security as being a nuisance that entailed locking down information and access more tightly, Allen explained there was a smarter, more fluid approach. Firstly though, he stressed that it was imperative that organisations know exactly who is accessing data, from where they are doing so and from what device.

This then opens them up to set custom levels of access. He elaborated that if an employee is travelling for example, or accessing data on a tablet or smartphone, they would not be given the same level of access as they would enjoy when sitting at their desk in a familiar location.

Rather, they could be given access to their company’s server using a virtual desktop, with no sensitive data being stored on their actual device. Thus, should they lose their smartphone or tablet when on the go, their organisations’ data would still be secure.

Positive enabling

The key therefore is effective identity and access management, which could enable companies to enjoy the same level of control over their data, without having to lock their system down completely.

This then casts security in a different light entirely. It becomes less of a grudge purchase, and acts more as an enabler – permitting employees to access information as needed, do their job more efficiently, while enjoying the benefits of mobility.

However, Allen elaborated that the benefits of identity and access management goes further than that, continuing that it could offer a distinctive business benefit as well. He gave the example of a sales team that was granted access to information used by customer support. They could use these insights to garner a greater understanding of their customers’ needs, and thus potentially generate otherwise missed sales. This in turn could enable the company to make better business decisions and avail itself of hitherto unexplored opportunities.

Can’t we just all get along?

Indeed, he stressed that identity access and management is not just a tool that is intended to make IT administrators’ lives easier, but rather, plays an important role in enabling the business as a whole.

While Allen admitted that there was still some education needed, he reported that organisations are beginning to realise that paying attention to security was not just a cost their business, but could serve as a benefit to it as well.

In addition, this was creating another interesting confluence and potential for cooperation between those in the IT department and those handling the financial aspect of the business.   

From the inside-out

Adding another dimension to the viability of implementing identity and access management was what Allen referred to as an inside-out approach to security. This essentially entailed organisations being cognisant of what was happening internally with regards to security, and managing that as well. For example, Allen explained that the ‘insider threat’ was still a very real concern, whereby an employee in the organisation could be bribed to bring a company’s sensitive information to a third party on a USB stick.

The problem is compounded by the fact that organisations provide employees with generic user credentials, which can be used by numerous people, without the company knowing, or keeping tabs on, who exactly accessed what.

One such example of this is companies who have one user credential for their Facebook or Twitter account that is given to many employees. Should one employee be fired or retrenched, they could quickly access this account, change the required password, and post maliciously about the company on its own account, or worse yet, share sensitive data.

However, Allen added that not all insider threats are malicious, explaining that a company’s security could also be compromised from within far more innocently, as a result of human error.

To the point

The main message from Allen though, was that companies stand to benefit from viewing managing their security not just as an onerous, Sisyphean task, but rather as a means of driving their business forward while deftly navigating the stormy seas of complex security threats.

Indeed, the waves of change need not capsize an enterprise or send it crashing onto the rocks, but rather, it seemed as though the fluidity and smartness of identity and access management could help propel an organisation to new horizons of employee cooperation and overall success.