NEW YORK, May 15, 2019 /PRNewswire/ -- As businesses transform and tangible "walls" give way to a limitless cloud environment, organizations should be able to use their identity management programs to enable more fluid, more capable, and more secure digital transformation initiatives. Deloitte's cyber practice today provided 10 questions organizations should ask about their digital identity management programs.
Digital transformation initiatives are likely to bring much improvement and complexity into an organization's ability to effectively secure access to internal and external stakeholders. In the recently released "2019 Future of Cyber" survey, respondents indicated that the top three enterprise identity security initiatives were:
- Migration of on-premise active directory to a multi-tenant, cloud-based IAM service.
- Identity analytics user and entity behavior analytics (UEBA).
- Privileged access management (PAM) and advanced authentication including multi-factor authentication (MFA) and risk-based authentication (RBA).
Identity management is important for enterprises where trust and reputation are their top concern. However, solving for the initiatives stated above and determining what digital identity solution is appropriate for an organization based on enterprise needs can be a challenge as each organization has particular needs and requirements. Identity solutions must continue to adjust to the expanding threat landscape and changing compliance pressures.
Deloitte's cyber practice suggests organizations honestly answer the following questions about the future of their digital identity programs to help them solve for the resource, technology and capabilities constraints of the future:
- Does our enterprise plan to transform digitally? If so, do we know whether we'll adopt a hybrid environment or a completely cloud-based environment? If the latter, will it be a public or private cloud?
- Does our identity and access management solution meet our changing end-user and information technology (IT) requirements given the technology improvements of digital transformation?
- Do our identity and access management processes fully secure third-party identities access our network? Do we know all the third parties that connect to our environment?
- Do we know all the privileged identities within our IT environment? What procedures do we have in place to detect, prevent, or remove orphaned accounts?
- How do we employ MFA policy? Do we enforce a consistent layer of MFA or do we deploy a step-up authentication depending on the severity of access requests?
- As every organization races to become the category leader in customer experience, are we able to harness the potential of consumer identity?
- Does our identity solution provide identity analytics showing how users are using the access that they have been granted?
- With the shortage in qualified identity professionals, can we deploy and expand our identity program to get the outcomes we need?
- What are our compliance concerns today and how will we address them tomorrow?
- Is our identity deployment providing the business outcomes we want along with the business value we need?
"Managing cyber risk across the enterprise is quite different than it was even five years ago. Cyber is everywhere and it is too big for any one organization to manage on its own. It's why organizations need to think about digital identity as a platform in order to move faster and more securely," said Mike Wyatt, cyber identity solutions leader and principal in Deloitte & Touche LLP. "With an ever-changing threat surface, a well thought out cloud solution with a quality provider may be able to provide a better cyber posture than those created in-house. Organizations need to ask themselves what risk they can tolerate and resources they can commit without negatively impacting their core business strategies."
Deloitte combines the technical, operational and strategic experience it takes to integrate solution provider capabilities into a strategic roadmap that matches each organization's specific needs and resources. Working with innovative solutions providers, Deloitte's alliance ecosystem helps its clients solve their most complex cyber challenges. The strength of its alliances is demonstrated in recent recognition by cyber identity solution providers. Deloitte was recognized as Okta's Partner of the Year in the Americas and Asia Pacific (APAC), in the privileged management space, CyberArk's growth system integrator partner of the year, both BeyondTrust's global alliance partner of the year and systems integrator Americas, as well as Innovator of the Year by Saviynt.
"We put concentrated effort and attention into developing our third-party relationships in order to bring leading cyber solutions to our clients. The recognition by Okta, CyberArk, BeyondTrust and Saviynt is how that effort is meaningful to both parties and we are pleased to make available to our clients a comprehensive identity platform," commented Scott Plutko, cyber alliances leader for Deloitte cyber risk services and managing director in Deloitte Services LP. "Deloitte is helping organizations take advantage of the flexibility our relationships make possible and better balance business integration and process organization."
As part of Deloitte Risk and Financial Advisory, Deloitte's cyber risk services practice includes thousands of dedicated cyber professionals, across 20 industry sectors, who help clients better align cyber risk strategy and investments with strategic business priorities, improve threat awareness and visibility, and strengthen their ability to thrive in the face of cyber incidents. The cyber practice advises, implements and manages solutions in strategy, defense and response; data security; application security; infrastructure security; and identity management. In 2019, the cyber practice opened the Cybersphere, a state-of-the-art destination to help clients explore their most pressing cyber challenges. The Cybersphere offers a Watch Floor for 24/7 threat monitoring and reconnaissance to help clients detect and respond to threats in real time; a Cyber IoT Studio, where next-generation security is developed and tested; and a client-centered Core, featuring labs that provide disruptive, interactive experiences to provide clients a forum to engage on the cyber topics impacting organizations, share information and identify ways to increases capability and confidence in the face of ever-evolving cyber threats.
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500 and more than 5,000 private and middle market companies. Our people work across the industry sectors that drive and shape today's marketplace to make an impact that matters — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.