Any economic downturn brings new risks to your organization. Nervous employees who fear downsizing may be tempted to gain unauthorized access to sensitive information stored across applications while temporary workers are less loyal and identity verification processes for full-time employees may not be used, making your organization more susceptible.
For this reason, identity and access management (IAM) remains a top priority for security professionals. In Forrester's "The State of Enterprise IT Security: 2008 to 2009," 82 percent of security decision-makers reported that IAM would be an important or very important issue for their IT security organization in the coming year. Forrester predicts that the IAM market will grow from nearly US$2.6 billion in 2006 to more than $12.3 billion in 2014.
Security is an issue with temporary employees because although they offer a lower-cost workforce option as they are hired and fired much more easily than permanent employees, they also bring increased risks. They lack the loyalty that permanent employees feel toward the company and may be less inclined to recognize and report inappropriate activities but they need the same thorough vetting and training as permanent employees. And, because their turnover rate is much higher than that of normal employees, temporary workers need to be provisioned and de-provisioned more often, quickly and cost effectively in large numbers.
Current employees are also a security risk as they may be nervous for the future of their position within a company. Nervous employees are often tempted to mine, steal, or destroy critical information. Monitoring and reporting access to applications and data is critical, especially when employees are at risk of leaving the organization -- voluntarily, for performance reasons, or when layoffs occur.
IAM has solutions for these problems: centralized access management for monitoring and enforcing policies for application access; advances in role-based access control to provide temporary workers with timely access and to deactivate them quickly, uniformly, and securely. Growing support for SaaS applications using federated user account provisioning and hosted IAM provider services adds incremental gains in IAM for many organizations.
Centralized access management increases security and reduces costs. Access management solutions govern centralized access to applications and data. Many of these solutions also integrate with non-Web solutions like desktop, phone, and interactive voice response (IVR), providing tight controls over who can access what data. Recent developments in adaptive and risk-based authentication allow you to put even more granular policy definition around the context of the access.