Chapter 20. Identity and Access Management: The Value of User Experience

Dane Bamburry

When information security or cybersecurity comes up for discussion, most conversations begin with traditional concepts such as firewalls and intrusion protection, which are usually geared towards a defensive mindset. Identity and access management (IAM) is the cybersecurity domain that forces us to incorporate enablement and user experience into the thought process more so than in other domains. Although IAM has been around for a long time, it has become a more mainstream security topic of discussion in the past 10 years. With the addition of smartphones, connected devices, and an infinite number of usernames and passwords to keep track of, it is extremely important to understand how to develop an effective strategy, as secure access to consumer- and business-centric data has become the cornerstone of information technology.

Some may argue that identity and access management goes back to the introduction of usernames and passwords, but to truly understand this vital component of the cybersecurity landscape, we need to go back and understand what is defined as an identity. A general dictionary description of identity is the proven fact of being who or what a person is. So what makes a person’s identity a fact? A birth certificate, driver’s license, and passport are a few examples of what helps to identify a person. When they are used to gain access to some location/facility (e.g., airplane for a flight), after the document has been verified as official and belonging to the person presenting it, a successful IAM transaction has occurred. The transaction’s process and user experience play a key role in its success. If you can understand that concept, then you are well on your way to grasping the concept of identity and access management.

Oftentimes cybersecurity strategies focus on preventing access instead of ensuring those who should have access get it in a secure manner. As with gaining access to the airplane, the user experience, which involves the presentation and acceptance of the document, is a key component of any successful IAM strategy. Cybersecurity has been assigned a negative connotation of always telling the user no, but we have an opportunity with each IAM strategy to dispel that perception. The key to any successful IAM strategy in the borderless access age is to partner with a communications and change management team, regardless of whether you are building an internal IAM or customer IAM (CIAM) strategy.

Leveraging communications and change management skill sets in developing and executing IAM strategies is based on a need to gain wide-scale adoption by the user population. Tools that should be part of these engagements include focus groups, user acceptance testing, and user surveys. Whether it be consumer or back office, today’s user population usually consists of multiple generations that have different requirements for a successful user experience.

Today’s digital landscape does not have any boundaries, as it has permeated all areas of our lives. As if the lines weren’t already blurred with so many connected devices, the coronavirus pandemic further increased the complexity with the significant expansion of remote work. From an IAM perspective, we have to change our mindset, as identities have gone mobile and require access from multiple nontraditional locations and protection from various new threats on a daily basis. I recommend all cybersecurity professionals take a user experience course to better understand how to effectively address the user’s needs in any IAM strategy. It can be the difference between failure and success.
