Identity & Access Management , Security Operations , Video
Dynamic CISO Award Winner: Lessons on IAM Implementation
NXP Semiconductors' Pooja Agrawalla on her Passwordless Journey, IAM ImplementationIAM has always been a manual process. While many organizations try to automate IAM, it is not easy. Pooja Agrawalla, head of IAM at NXP Semiconductors and winner of Information Security Media Group's Dynamic CISO Excellence Award for Women Leaders in Cybersecurity, discusses best practices for IAM deployment and automation.
See Also: The Backbone of Modern Security: Intelligent Privilege Controls™ for Every Identity
"I have worked in a 150-member IAM team. It was such a large team because most of the processes were manual. Every analyst was trying to create the account manually into multiple systems. Today, we have moved beyond that manual process," Agrawalla said.
"Tools of IAM can do this now, provided you configure them to do that," she said. "But even if I automate the account creation process in multiple systems, I still deal with a lot of errors. There are applications that do not want to use central provisioning tools. So, how do I manage these systems because I do not want to end up doing manual processes?"
Agrawalla is a big believer in identity fabric or IAM API layer. "There are tools available to manage your service request within your IT. If you want access, you go to the required tool and the tool will automatically handle your access requirement. But, we need to plan them carefully. We have to make sure it is comprehensive, consistent and secure," she said.
In this video interview with Information Security Media Group at ISMG's Dynamic CISO Excellence Awards and Conference, Agrawalla also discusses:
- The six steps to follow for a smooth implementation of IAM;
- How to move toward passwordless authentication;
- The value of using an identity fabric architecture.
Agrawalla has more than 20 years of experience in the identity, access, governance and privileged access management solutions space. Her areas of focus include cloud security and cloud identity governance, identity as a service, team and stakeholder management, portfolio management and strategic planning, product customization and implementation, solutions delivery, and design thinking and innovation.