IAM Governance: Taking the Right Steps
Three Experts on Taking a Top-Down Approach
Identity and access management has not been easy for security practitioners, and managing IAM governance is a tougher problem. Three experts - Shane Read, chief information security officer and chief information officer at Hex Trust; Mark Frogoso, group CISO at Mynt (Globe Fintech Innovations, Inc.); and Varun Kakkar, group head of cybersecurity at Tricor Group - share tips on IAM governance.
"An important part of one's IAM governance journey is finding out what current tools are best to use. More often, you will find that one tool will be great for IAM and another one will give faster certifications. And this platform might not be great in password management. So, it is important to identify the business needs and find the right solutions," Read says.
"Thanks to PAM, CIAM, etc.," Frogoso says, "we now have more context and focus areas. We have more visibility. IT is really about the general principle of IAM. It is about having the right users, identities, right level of access, on the right resources."
"You can't drive governance bottom-up. It has to be a top-down approach. Hence, IAM governance shouldn't be looked at as a technology-only project. All stakeholders need to be brought together and understand their challenges," Kakkar says.
In this video interview, the three also discuss:
- The challenges of providing a governance structure for IAM;
- How to bring legacy applications into the IAM governance structure;
- How CIAM and PAM can help with IAM governance.
Read is CISO and CIO of Hex Trust. He was formerly the group CISO with Noble Group. Before this, he served in key roles within the Australian federal government, including as the Department of Defense's information systems security officer.
Frogoso is group CISO of Mynt (Globe Fintech Innovations, Inc.). He is responsible for establishing and maintaining the information security vision, strategy and programs to ensure the organization's assets and data are adequately protected and enable the organization to achieve its business objectives.
Kakkar is group head of cybersecurity at Tricor Group. He has more than 13 years of experience in IT and security, and his specialties include understanding local and international regulations and compliance. In an earlier stint with a large systems integrator, he worked hands-on to deliver end-to-end information security, cybersecurity and infrastructure solutions.