Not too long ago, identity access management (IAM) hardly warranted a full-time manager. Mostly, these responsibilities were tacked onto other IT employees' duties. But burgeoning demand for this technology is leading to a convergence of business and IT functions and prompting companies like forest products giant Weyerhaeuser Co. to place ads for full-time IAM technologists. "Convergence is the most significant thing happening in identity management," says Jonathan Penn, vice president and research director at Forrester Research. "Integration and convergence are upfront costs that pay for themselves over time through lower operational costs and better overall security."

IAM began life as an IT security framework to identify individuals within an organization who required access to data, and the access management tool acted as a gatekeeper. Now, however, demand is being driven by business functions, including Sarbanes-Oxley (SOX) regulations and the pressure to overlay governance, risk and compliance (GRC) tools on enterprise resource planning systems, vendors say. IAM "is becoming a cornerstone of an enterprise compliance effort," says Venkat Raghavan, director of strategy for IBM Corp.'s Tivoli storage and security software products. "This is a core process that needs to be applied across a system in many applications."

IAM systems play a key role in complying with SOX because they consolidate and also enable the provisioning, management and auditing of systems and applications across an enterprise. They also can provide the notification and approval processes. Now, in their latest incarnations as risk-based tools, they can alert managers when unauthorized activity is afoot, extending not only to employees, but also contractors and customers. For example, when an accounts payable (A/P) employee sends an electronic check to a vendor, the employee uses the IAM system to establish that the recipient is the correct authorized supplier. The technology also leaves an audit trail for SOX compliance or compliance with other regulations, such as the Health Insurance Portability and Accountability Act (HIPPA) and Basel II. "Auditors are going to want to know who had access to financial information and when," according to Joe Anthony, program director of security and compliance for IBM Tivoli software. "This provides automatic documentation."

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
  • Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.