Identity and Access Management

Does the colleague next to you actually have the correct permissions within your IT structure? And the departing colleague—does she really no longer have access to your company data? Is there even a risk of e-espionage or theft of company information? These are useful questions, but we often don't know the answer. Problems with Identity and Access Management (IAM) are therefore common within organizations.

According to the 2024 DTEX Insider Risk Investigations Report, 15% of departing employees take sensitive information (such as customer, employee, and sales) with them, and a whopping 76% of departing employees steal some company information for their own gain. This is a worrying trend, exacerbated by the growing crossover of corporate data to personal devices.

Identity and Access Management Deserves Attention
Identity and Access Management (IAM) focuses on managing digital identities and regulating access to corporate resources. Who has access? And to what? It is crucial that only authorized users have access to the correct information and systems, while preventing unauthorized access.

In today's society, an increasingly complex digital identity is forming around employees. We work with computers daily, use more applications than ever before, and due to the proliferation of hybrid working, company data is exposed in places where it would previously have been unseen. Geopolitical tensions are increasing cyber risks and creating even more reasons to steal digital identities.

At Agerion IT, we work daily to strengthen this type of cybersecurity. One example is the progressive Baker Tilly International. Our colleague Nick Visser has been involved in user management for quite some time within this large organization (over 40,000 users, spread across 700+ offices worldwide).

By implementing cross-tenant synchronization, the more than 44,000 active users could be proactively screened. It was crucial to eliminate non-existent users and move to a fully verified user database. Afterward, all roles and permissions of the remaining 40,000 legitimate users could be reviewed.

If legitimate users remain in a user database and their roles and rights are up-to-date, conditional access policies and device management can be considered. Conditional access policies work with requirements that users must meet to gain access. This provides an additional check to ensure you are who you say you are. For example, if a user wants to access an application, they must complete multi-factor authentication (MFA) to gain access.

This creates a world where a healthy, efficient level of digital identity control is established. One weak spot, however, is our varying device usage. How many devices do you use with work data? A laptop, a phone, a tablet? Fortunately, these can all be identified and monitored with tools like Microsoft Intune, Mimecast, and SentinelOne. From a central dashboard, you can roll out uniform policies and configurations to the connected devices. Think, for example, of Wi-Fi and VPN configurations, as well as security settings like encryption and device lock.