Access Management , Identity & Access Management , Security Operations

IAM Governance: Taking the Right Steps

Three Experts on Taking a Top-Down Approach
(From left): Mark Frogoso, Shane Read, and Varun Kakkar

Identity and access management has not been easy for security practitioners, and managing IAM governance is a tougher problem. Three experts - Shane Read, chief information security officer and chief information officer at Hex Trust; Mark Frogoso, group CISO at Mynt (Globe Fintech Innovations, Inc.); and Varun Kakkar, group head of cybersecurity at Tricor Group - share tips on IAM governance.

See Also: Visibility Into Distributed Cloud Environments

"An important part of one's IAM governance journey is finding out what current tools are best to use. More often, you will find that one tool will be great for IAM and another one will give faster certifications. And this platform might not be great in password management. So, it is important to identify the business needs and find the right solutions," Read says.

"Thanks to PAM, CIAM, etc.," Frogoso says, "we now have more context and focus areas. We have more visibility. IT is really about the general principle of IAM. It is about having the right users, identities, right level of access, on the right resources."

"You can't drive governance bottom-up. It has to be a top-down approach. Hence, IAM governance shouldn't be looked as a technology-only project. All stakeholders need to be brought together and understand their challenges," Kakkar says.

In this video interview, the three also discuss:

  • The challenges of providing a governance structure for IAM;
  • How to bring legacy applications into the IAM governance structure;
  • How CIAM and PAM can help with IAM governance.

Read is CISO and CIO of Hex Trust. He was formerly the group CISO with Noble Group. Before this, he served in key roles within the Australian federal government, including as the Department of Defense's information systems security officer.

Frogoso is group CISO of Mynt (Globe Fintech Innovations, Inc.). He is responsible for establishing and maintaining the information security vision, strategy and programs to ensure the organization's assets and data are adequately protected and enable the organization to achieve its business objectives.

Kakkar is group head of cybersecurity at Tricor Group. He has more than 13 years of experience in IT and security, and his specialties include understanding local and international regulations and compliance. In an earlier stint with a large systems integrator he worked hands-on to deliver end-to-end information security, cybersecurity and infrastructure solutions.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.