Top Challenges in IAM Program

Editor’s note: Ashley Stevenson, Identity Technology Director in ForgeRock’s office of the CTO, and head of our Federal business unit, was a panelist on the Federal Executive Forum radio show in late 2015. He appeared on the Identity & Access Management In Government Progress & Best Practices panel alongside execs from Dell, Symantec and immixGroup, and officials from the Department of Homeland Security, Department of Defense and the NIST. We’re running excerpts from Ashley’s remarks alongside clips from the show. Here's the fifth clip:

Top Challenges in IAM Program

I think we’ve heard overall that the great challenge with identity is that the scope is so broad that you have to tackle all of it to a certain extent to meet your security and your functionality goals because the attacker will find the weakest link. So we’ve talked about governance, we’ve talked about single sign-on. If you think about fine-grained authorization you could have someone authenticated to the highest level, but if they have too many rights that they’re not supposed to have, there’s still a risk of an unintentional or intentional insider threat causing a problem. And also the challenge is, because identity is connected to everything, it’s the ability, the need to find the needle in the haystack of the interconnected relationships between all the people and the access and the credentials to get insight as to what’s going on to either give a better user experience or to mitigate potential threats and discover what’s happening. So the challenge is all of these pieces need to come together to get to the goals that we actually need to reach, and it’s a lot of different moving parts that need to come together.