Building an IAM Strategy for the 'New Normal'Panel of Experts Offers Insights on Strategies During COVID-19 Crisis
The identity and access management strategy for the remote workforce should ensure contextual authentication to establish the credentials of the users, apply risk-based authentication for measuring user risk profiles and establish a multifactor authentication mechanism, a panel of experts says.
See Also: 2021: A Cybersecurity Odyssey
"Most mature organizations are taking the risk-based authentication approach as part of the IAM strategy that will help understand the risk profile of the user in all its entirety, including identifying the location, devices, and access points and remove as much friction as possible," Brijesh Datta, executive vice president and CISO at Reliance Jio, a telecommunications organization, says in the video panel discussion with Information Security Media Group.
Charanjit Singh Sodhi, executive director and head of IAM at Nomura Wholesale, a financial services organization, notes: "Establishing a contextual authentication process is very critical in the IAM strategy for the remote workforce which needs to be expanded to ensure basic security hygiene."
Anand Pande, CISO at Goods and Services Tax Network, which provides IT infrastructure and services to the central and state government and taxpayers, adds: "Organizations should revisit their IAM policies for the current environment, which is tightly integrated with the PAM strategy, to balance the business need and security, along with a multifactor authentication mechanism to establish secure communication between infrastructure team and clients and enable the right access to the users."
In this video panel discussion, the three experts address:
- How to apply a single sign-on strategy for better user access control;
- The importance of privacy to IAM;
- Improving identity governance and enhancing security posture with IAM.
As the executive vice president and CISO at Reliance Jio, Datta manages security for all the company's vertical markets. Datta has more than 25 years of experience in telecommunications, IT, and information security. He was a former army officer who was instrumental in defining cybersecurity practices for the Indian Army in the late 1990s.
Sodhi served with distinction as an officer in the Indian Navy, where he was awarded the Chief of Naval Staff Gold Medal and the Sword of Honor. After that, he has worked at SecureSynergy, Fidelity, Airtel, and JPMorgan Chase. Currently, he is the executive director and the head of identity and access management at Nomura Wholesale.
Pande is the CISO at GSTN. He has more than 18 years of experience in InfoSec, IT governance, risk management, and compliance. He has worked in several industrial sectors, including banking, financial services, and Insurance, Fast Moving Consumer Goods, IT/ITES, and telecommunication. His areas of expertise include designing, implementation, and management of information security, IT Infrastructure and IT security.