Making the Case for Centralized IAM Management ControlBooking.com Head of IAM on Benefits of Centralized Access Management
The problem with decentralized access management, says Manuel Garat, head of IAM at digital travel company Booking.com, is that whilst you might know who or what needs access to your network, applications and data, you "don't always know who shouldn't have access."
See Also: Case Study: The Road to Zero Trust
Garat recommends a centralized approach to access management. "It's very, very important to have centralized management, because it allows you to centrally enforce segregation of duties and strategical restrictions," he says. This is particularly useful for smooth, secure replatforming and M&A.
Implementation of centralized access management, he says, requires an agile approach and understanding of the technical landscape. "Your consumers are not going to be homogeneous. They're definitely going to be different, all over the place. So it needs to be very flexible in terms of integrations."
In a video interview with Information Security Media Group, Garat discusses:
- The impact of cloud-based services and mobile devices on identity and privilege at Booking.com;
- Why he is an advocate of centralized access management and how to overcome implementation challenges;
- Misconceptions around passwordless and how we can strengthen authentication methods.
Garat is the IAM lead at digital travel company Booking.com. In this role, he brings together his three passions: software development, security, and agile methodologies. His background is in engineering and he is a certified information system auditor and certified professional scrum product owner.