Paramount Presents CyberSecurity For Beginners: Identity and Access Management
Hello guys and welcome to the second episode of the Paramount presents Cybersecurity for beginners. First of all, thanks guys for your great response to our first episode. After the discussion on careers, I figured it would be great if we could shine some light on an often misunderstood area of cybersecurity, Identity and Access Management. When I asked some people out there, what they thought about Identity and Access Management, I got quite a wide variety of answers. Some thought it was to do with identity theft, others thought it’s a means to keep track of employees and so on.
But, guys, IDAM is not all that. And to set things right and enlighten us a little more about what it’s all about we have with us today, Namith Najeeb, our VP of IDAM.
Namith, can you introduce yourself for our audience before we get down to the IDAM business. I mentioned that most people we talked to did not really know what IDAM was about. So could you start with what IDAM is all about?
Namith: Hi everyone. I’m Namith Najeeb, I lead the IDAM practise at Paramount Computer Systems. When Remya came and told me that there is some confusion around Identity and Access Management, I was excited. Because it’s an opportunity for me to set things right and tell people what IDAM is actually about. It’s a burgeoning topic in today's cybersecurity world and is attracting a lot of attention from vendors, venture capitalists, and even employees. Through the course of this podcast, I will talk to you about the different aspects of IDAm and introduce you to the various concepts associated with it in a nutshell so you can understand the domain a little better.
Remya: I mentioned that most people we talked to did not really know what IDAM was about. So could you start with what IDAM is all about?
Namith: Whenever I get this question from a layman or even a cybersecurity expert this is usually what I say. Identity and Access Management is all about knowing all about who has access to what data, also knowing where this access is coming from, and what time the access happened. It is about ensuring that only the right people have access to the right data, at the right place at the right time. To draw a parallel let me give you an example of passport control at airports. You have the border security force which is equivalent to network security that is programmed in the organisations, equivalent to the firewall, IPS and the likes. This is basic security that you need to have in place. You also need to ensure that people are allowed to move across these borders. Just like that you also need to let the data in and out their organisations through these parameters. So when you do give access across these parameters you will have the challenge of how do you know... Who has the access to these data or what kinds of people need to be allowed access to the country and that’s where the passport comes in. You look at some form of ID, some form of verification to ensure that these people are eligible to access the country's borders. In the same way you also look at the organisations and understand these users are allowed access to concerned data. So how do you ensure that? When it comes to passport control, it is your passport, your local ID, your driving license or some form like that. When it come to logical world in an organisations it is your username and password. In the world of Identity and Access Management, we believe that everything will fail and the only identity will protect the data at the end of the day. So it's is like a conventional and mid-level world where you have the fortress you have the all the security in place you have everything protected. But we assume that the attacker is going to get inside and try to kill the King that is where we put all our security around the access to the king and we ensure that right people access to that.
Remya: Ok.. That's Perfect.
So let’s now get to the next question
Who needs Identity and Access Management?
In the analogy you mentioned King, So is it just for the elite, or does everybody who's existing as an organisation need Identity and Access Management?
Namith: I will put it this way. If you are an organisation and you have data inside your organisation which is critical to the functioning of the business, you need IDAM. This data could be financial records of the organisations, this could be customer data, this could be any kind of information that is critical to the smooth functioning of the business and the breach of this data will significantly impact your business then you are in need of Identity and Access Management. I say this because today all the organisations we are work with are from various sectors and of various sizes, but the common theme that we see from all these organisations is that they have a bad need of Identity and Access Management, security solutions. Because data for them is extremely critical. Needless to say today's digital world data is what drives business.
Right... That means anybody who needs to safeguard their data really does need of Identity and Access Management.
Now, next big question. Whenever there is a conversation about cybersecurity, one big question is the Budget. What about Budgets for IDAM?
Can even startups think of identity and access management or is it very expensive?
Namith: Budget is again a subjective discussion because it all depends on what levels of security and what scope we are looking at. Having said that there are solutions which can be afforded by any kind of organisation. It all depends on the value which you assigned to the data that you are trying to protect. So we work with large enterprises, banking institutions, aviation sector and public sector companies as well. But on the other hand we also work with a lot of SME’s to protect their critical data, because this is the backbone of their business. Budgets could be in the range of thousands of dollars to millions of dollars. Like I said what is the area that you are trying to protect. With the detailed conversations we have had with some of the people we could easily work on the budgets and we could understand what is the scope that we are looking at and what are the areas we could probably start off with. So the budget is generally not a great concern for organisations who have identity as the next management challenge.
Namith... That brings me to another question. We function primarily in GCC right. So what is the reception to the Identity and Access Management in this particular geography?
Namith: That's really an interesting question because the Identity and Access Management team in Paramount was set up in 2015 when we saw that there is a need and we forecasted an increase in interest for Identity and Access Management in the region. We took the risk of investing in the people and the infrastructure to setup an Identity and Access Management team. Like I said earlier, we had a 20 member team dedicated to Identity and Access Management. Ever since then we have seen a tremendous increase in reception for Identity and Access Management which is has also been verified by the partners. We have seen a significant amount of interaction and work being done by organisations, vendors and Systems and the reception has been extremely positive for the domain as a whole in the region.
One thing that differentiates us from the rest of the competition is that we had dedicated practices on the Identity and Access Management that has given us a huge edge in the region. And when it comes to this particular domain we have been the prefered partner when it comes to Identity and Access Management. That is I think testimony to the fact that there is a lot of interest in the domain. It also to the fact that there are definitely pain points around this particular area which customer are trying to address. Privilege access government, managing user provisioning, de provisioning providing single sign on to the end user, managing contractors and etc are areas of concern, and companies like us certainly make a difference for organisations.
Remya: Right.. That's Great!!
The Whole reason I wanted to do this podcast and was because we had an interesting conversation around the whole Star Wars concept. We were talking about how the entire saga could have been avoided if only the empire had implemented some basic Identity and Access Management.
So through this conversation with Namith, we have seen a glimpse of what Identity and Access Management is all about. Identity and Access Management clearly has a place in CyberSecurity Today!
Stay tuned for more podcasts! And don’t forget to subscribe to our Youtube, Soundcloud and Mixcloud channels!