
    Identity and Access Management (IAM) is a game-changer for…

    Identity and Access Management

    Identity and Access Management (IAM) is the process of managing the digital identities of individuals within an organisation and their access to systems and services. An individual’s ‘Digital Identity’ is the set of data which uniquely identifies them within an organisation. A secure IAM process gives the right user the right access, to the right resources, at the right time. It is essential to have this fine-grained control of user access in large enterprises, including pharma, telecoms, banking and utilities, and in other organisations such as third-level institutions. It turns information security into a competitive advantage.
    Third-level institutions, for example, are required to manage thousands of digital identities, including staff, students and visitors. These and other organisations need control over the identity lifecycle and access of users’ digital identities to ensure positive user experience, operational efficiency, reduction of security risk and to meet regulatory or compliance requirements. The process of IAM enables this.

    The cloud is changing identities

    Software as a Service (SaaS) is growing and we see increased numbers of organisations utilising more and more cloud services. Cloud brings with it unique challenges: historically, users’ digital identities were housed within the four walls of the company and were completely within the company’s control. Now, with the proliferation of the cloud, organisations are potentially sacrificing control and security in return for improved end-user functionality and reduced costs. The use of cloud services, such as Office 365 or Salesforce, by organisations means that staff now have identities outside the organisational domains. Digital identities are expanding and, without a defined IAM process, it will require more time and effort for IT resources to manage user access, remove access rights when necessary and ensure the cyber security of the organisation is not compromised.

    What are the drivers for IAM?

    Organisations seek IAM for many reasons, including to use it as a critical security control within their IT operations. Other drivers include high risk of security breach; operational and support costs; lack of process for existing digital identities; everything done on an ad hoc basis with lack of auditing; slow access to resources; different logons or passwords to different systems; and separate external and internal identities.

    Best practice IAM

    IAM is an ongoing process and we assist our customers in developing an IAM strategy and roadmap, planning their addition of applications in a phased approach and having a centralised policy for all new systems within the organisation. Best practice for a successful IAM process is a single identity for each user. Organisations can provide improved user experience to staff through features such as Single Sign On (SSO) in an environment where authentication is centrally controlled, such as through Microsoft’s Active Directory. At a minimum, organisations can provide improved user experience through same sign on, so a user still only requires one login.
    A well-defined IAM roadmap should create a central set of rules for every application that requires integration into the organisation. It should contain information on how user lifecycles are managed, including joiners, movers and leavers, and contain a suite of products which sit at the core of your IT infrastructure. These products should be available to any new system that requires integration in order to streamline the identity and access process within an organisation.

    How can an IAM process help your business?

    The automated nature of IAM enables cost savings as a result of automated account set up, automated control over user cycles and the reduction of support costs. It frees up budget to spend where needed: reputation, revenue protection and compliance. The IAM process also makes it easier for an organisation to be compliant, both locally and internationally. It can provide information on who has access to what and defines which users have access, which is required by most international regulatory policies.
    IAM creates efficiencies within an organisation by simplifying management of users’ digital identities and freeing up resources. It also increases levels of user satisfaction, which can boost reputation.
    An IAM process is critical in order to reap the benefits of cloud without the accompanying challenges.

    Insights

    Information Security Breakfast Briefing with Certification Europe

    When? 7.30am – 9am Thursday July 23rd
    Where? Dublin Chamber of Commerce, 7 Clare Street, Dublin 2
    With reports of data breaches in the news every day (as well as the millions of others we don’t hear about), information security is on everyone’s mind. Hear from the experts about what you need to know and what you need to do to protect your business, your clients and your staff.
    See the full line-up below. It’s free to attend, so register now!
    Introduction to ISO 27001, Certification Europe – Eoin Hamilton

    • The certification process
    • Trends and growth
    • Case studies

    Data Privacy Concerns and Cloud Computing, Ward Solutions – Paul Hogan, Director

    • What is cloud
    • Benefits and risks
    • Legal considerations
    • Data protection in the cloud

    What is Information Security, Certification Europe – Michael Brophy, CEO

    • The three pillars of information security
    • How an infosec management system can mitigate risks
    • Case studies and examples

    Running order
    7.30am – Networking opportunity in lower floor area.
    8.00am – Eoin Hamilton – Intro and ISO 27001
    8.10am – Paul Hogan – Data privacy concerns and Cloud computing.
    8.30am – Michael Brophy – What is information security? – The three pillars of an ISMS.
    8.50am – Q&A
    9.00am – Seminar closed
    It’s free to attend, so register now!

    Insights

    A focus on training and development, and a good…

    Mick Ryan, information security consultant, Ward Solutions

    Tell us what you do at Ward Solutions:
    I have been part of the team at Ward Solutions for more than eight years and my role is information security consultant. During that time, I’ve worked on a range of projects for clients in both the private and public sectors. It’s an exciting industry to work in as it’s constantly changing.  Staying on top and ahead of the latest trends and developments is crucial and is a vital part of my job.
    What does a typical day involve for you at Ward?
    It’s hard to define as every day is different, and new projects come into the fold while others wind down. For example, at the moment I spend three days per week off-site at the head offices of a client working on a number of intensive projects which involve the handling of customers’ data, which can be tricky but very rewarding. As a senior consultant, it’s part of my role to go to conferences, webinars, and events to stay up to date with the latest developments and trends in information security, so that also leads to a lot of variation in my schedule but it is essential in staying in touch with the latest changes in the industry.
    What is the most challenging aspect of your role?
    The ever-growing and ever-changing threat of cybercrime is the most challenging aspect. Information security is an incredibly fascinating and challenging career – cybercriminals are constantly thinking of new ways to keep us in our jobs! Every week we see new, more innovative and more worrying cyberattacks take a toll on people, organisations and even entire countries.
    It is a constant battle to stay on top of this and help our customers to keep their businesses secure. Since I joined Ward in 2007, I’ve provided a range of consultancy services with many different customers, including penetration testing, risk assessment & audit, social engineering, and secure network design. We recently commissioned a survey which showed that almost half of Irish workers have experienced personalised spear phishing attacks at some stage with almost 10% of these being successful. Cybercrime and the sophistication of these attacks have never been more prevalent.
    What do you enjoy most about your role in Ward Solutions?
    I’ve touched on it already, but the opportunity to keep learning and the new challenges I face definitely stand out. Whether it’s working on a new project and getting to know the specific needs of customers, researching the latest malware attacks, or assessing customers’ IT infrastructure, every day is different and full of fresh experiences.
    Culture is so important in the workplace. Ward recognises the necessity for myself and the team of consultants to be at the top of our game – we get the time and flexibility to study and understand the latest industry trends and developments. This means our clients have access to the latest training, techniques and expert opinion.
    How does Ward Solutions create a positive working environment?
    Working at Ward is a positive and rewarding experience. It’s full of talented people and that has enabled me to grow in my own role and learn and develop my skillsets. There’s a great work-life balance! Ward encourages and organises great social events for all staff to get involved in. I’m a big fan of golf and there’s usually an event relating to the sport to look forward to, as well as things like the occasional night at the races and plenty more.
    Every month we host a half-day session, where a few topics are chosen and someone speaks on them. It gives everyone a chance to catch up and also allows us to discuss what’s happening in the industry and see things from different perspectives. It really is a great team and I feel privileged to work here.
    If you’re interested in joining the team at Ward or finding out more about our services, please don’t hesitate to get in touch.

    Insights

    A cloud over security

    “The cloud” has become one of the most widely used buzzwords in the business and technology world. More than just a buzzword though, it is also one of the most widely used services across all industries.
    Despite this, many people don’t even know what it is. In simple terms, cloud computing relates to storing data outside your computer or device, and performing tasks using software and applications not installed on your computer. Many people use cloud and don’t even realise it through everyday applications like Dropbox and Google Drive.
    Are your cloud providers secure?
    When it comes to information security, many companies make the mistake of not looking beyond their own organisations.
    Recently, we commissioned a survey in association with TechPro magazine of 263 IT professionals in Irish businesses. It looked at various aspects of information security within organisations based in Ireland.
    Nearly 40% of respondents said they did not conduct a full cybersecurity evaluation of all third party cloud providers working with their organisations. A further 23% weren’t sure if such evaluations took place.
    It’s important to remember that no matter how secure your own organisation’s IT infrastructure is, the cloud vendors you work with are an important link in the chain. If they fall victim to cybercrime, this can have a direct negative impact on your organisation.
    Our experience tells us that organisations do not adequately consider the security of their downstream supply chain, whether cloud or non-cloud. When it comes to providing an integrated security service for your company, it’s important to liaise with providers who can reduce the complexity and cost of dealing with multiple suppliers.
    Protecting your organisation’s sensitive data
    It’s important to consider which organisations in the supply chain have access to sensitive information and conduct a full assessment of any potential risk with third party providers.
    Malicious hackers are taking advantage of this security blind spot and are actively targeting less secure, smaller third-party partners as an access point to larger organisations.
    Important Questions to consider:

    • Which providers have access to my organisation’s sensitive data?
    • Does my organisation assess all third party providers before giving them access to sensitive information?
    • Do you have non-disclosure agreements with third parties?
    • Who in my organisation manages this process?
    • Is their role clearly defined?
    • If in doubt, ask a trusted security expert.
    Insights

    Don’t go over your budget, but do go over…

    Don’t go over your budget, but do go over it
    Budgets are one of life’s irritating necessities. They are an important necessity, however, as without them there would be no accountability and departments within each organisation would be broke come the end of the financial year.
    IT budgets are constantly in flux, tied to a number of variables. CIOs and IT decision makers are dealing with ever-changing priorities and factors that have an impact on where they should spend.
    Information security
    Information security is one of the most important areas that needs to be considered on a CIO’s or IT decision maker’s list.
    Last month, we commissioned a survey of 263 IT professionals in Irish businesses via TechPro magazine, looking at various elements of information security including the average information security spend.
    The most notable statistic was how much companies actually spend on the impact of cybercrime and security breaches, in terms of protection, response and damage done.
    The findings revealed that on average, Irish organisations spend €240,000 each year dealing with cybercrime.
    Where should you spend?
    There’s no one-size-fits-all solution for information security that all organisations can adopt – it depends on a number of factors like size and risk factor.
    Our experience tells us that organisations typically spend somewhere between 4% and 10% of their IT budget on information security. That’s a significant chunk to be spending on an annual basis, so it’s important to make sure it’s going to the right areas. We recommend a proactive approach instead of costly firefighting which is a drain on budgets and energy.
    There are any number of security solutions organisations can avail of – it’s important to talk to an informed expert who can assess the needs of your organisation and perform a full risk assessment and audit.
    Organisations that have been unfortunate enough to suffer a security breach will tell you that prevention is better than the cure, so it’s better to invest early and have the right structures in place in case the worst happens.