For most companies, privileged access management is associated with creating borders or limitations. Often organizations are forced to implement PAM due to the legal regulations and do not see it as an investment but rather consider cybersecurity as a cost center. Moreover, most employees think of it as another layer of control and make an assumption that the company does not trust them.
All that simply does not create an environment for the perception of PAM as an instrument that can help pave a path to a resilient future of the company. This kind of mindset has to be built as not all companies can think that way. Through our everyday practice, we face this issue a lot and based on our experience have made several conclusions that can help clients create the right mindset of their team on cybersecurity.
Ever since, Identity Management Environments do belong to the ‘more complex’ solution stacks in the world of IT. As a central
component and the ‘spider in the web’, it must adopt to any evolutionary change made in connected applications and systems.
Furthermore, new or modified business requirements or procedures do drive constant changes to IDM-Systems itself.
Depending on traditional, agile or ‘mixed’ service delivery and maintenance approaches in conjunction with multi-tier
environments for development, staging, pre- production and production (or even more), it becomes quite challenging to
appropriately integrate new functionality with the expected level of quantity and quality.
Most likely, its not only code and configuration which needs to be staged between the different system tiers, but also digital
identities and entitlement information.
In this talk, we will investigate different approaches to release and change management techniques specifically for IDM-Systems
and the benefits of integrated Multi-Tier environments. We discuss Good- Practice approaches from several Identity Management
projects from the past two decades, do’s and dont’s and how to deal with pseudonymization in staging environments which can
be used by any team for their ‘real-world’ acceptance tests, demo or lab work.
Key takeaways
• Get an overview of common mult-tier staging environments in IDM/IAM Landscapes
• Learn about good-practice approaches to establish staging functionalities
• anonymization and pseudo-anonymization for entity staging
There is a common theme for many of the mega breaches of recent years – a neglect of basic cybersecurity hygiene that has resulted in a backlog of unpatched apps, misapplied configurations and overlooked tasks. This debt compounds over time and, as with financial debt can snowball to reach a point, where it becomes insurmountable. As organizations become increasingly cloud first, the risk profile from security debt further increases.
So, what can be done to claw back control of security debt? How can organizations build a zero-trust culture where security debt isn’t allowed to be neglected or passed on to others? How can systematic and repeatable processes alleviate the problem? And where do begin this process?
Discussion topics will include:
