E-Handbook: Designing secure, compliant identity access and management Article 1 of 4

The identity and access management compliance conundrum

Using passwords to access IT systems has become antiquated, with modern identity and access management systems increasingly requiring biometrics and personal information for authorization purposes. The goal of these new capabilities is to protect sensitive data by having users input their own unique identifiers to gain access to the system. These IAM updates certainly are a step up from requiring a letter and number combination password, but can still put data, infrastructure and privacy at risk.

The use of these IAM systems also brings up ethical questions. Just because IT has the technological capabilities to store and use a person's fingerprints or iris scans doesn't necessarily mean it should. Biometric information and other personal data inherent to modern identity and access management systems are prime targets for hackers. And even though biometrics are invaluable to a cybersecurity profile, the data a profile stores can still be a nightmare from a privacy standpoint.

The personal information required for these IAM innovations must be secure and compliant with any regulations specific to the organization's industry. Full transparency with employees or customers about how their IAM data will be stored and used is also necessary -- especially as an increasing number of compliance rules require these changes. Building the best IAM systems requires figuring out how to use personal information to improve cybersecurity without crossing the line into creating new, unnecessary threats to data security.

Learn more about where these lines should be drawn in this handbook. You'll discover new ways that modern identity and access management techniques are improving company cybersecurity, as well as how to avoid aggregating sensitive data that increase privacy and security risks.