Organizations Shift from Identity and Access Management to Identity and Data Management

Organizations Shift from Identity and Access Management to Identity and Data Management

In an economy driven by information, data is always every organization’s most critical asset. Cyber criminals almost always start an attack by compromising credentials. From there, they move to other levels of privileged access escalation until they reach their ultimate goal – data. With the advent of cloud, mobile and digital transformations, we are in unchartered digital territory. Data today is created at an unprecedented volume and velocity. It resides in more places across dynamic, distributed, hybrid infrastructures and is accessed by more people, in more ways, and on more devices than ever before. In addition, data user access requests and current network states are changing at increasingly fast rates. By effectively and securely managing access to their assets and data, companies can dramatically reduce the likelihood of data compromise and compliance violations across the digital transformation.


With this exponential data growth and digital transformation, we are seeing a shift toward Identity and Data Management (IDM) from Identity and Access Management (IAM). IAM is a critical security domain that enables the right individuals to access the right resources at the right times for the right reasons with increasingly heterogeneous technology. The main benefits realized from traditional IAM are:


  • Streamlined authentication experiences and improved ability to meet compliance and security requirements that address audit findings
  • Management and monitoring of privileged accounts across an enterprise
  • Operational efficiencies gained through centralized access management and user lifecycle management


With 81% of hacking-related breaches leveraging either stolen and/or weak passwords, and 60% of internal data breaches caused by privileged abuse where internal actors misuse their level of granted access, the IAM discipline is increasing in complexity and importance.


To that end, Identity and Data Management is becoming a broader organizational concern, inclusive of the Chief Information Officer, the Chief Risk Officer, the Chief Privacy Officer, the Chief Digital Officer and the Chief Data Officer. Common concerns specific to data management are related to increased cloud adoption, obtaining and remaining compliant with regulatory and privacy requirements, the rapid growth of unstructured data, the lack of visibility into who has access to data in the cloud and on-premise and the lack of data classification and ownership.


With the exponential growth in unstructured data each year, coupled with cloud adoption and IoT devices, it is critical that organizations begin to pivot from a traditional Identity and Access Management program to a comprehensive Identity and Data Management program. Effectively developing an identity and data management program supports organizations’ digital transformation goals and agility needs, empowers businesses to maximize their data to grow revenue, innovate products and delight customers, all while improving the effectiveness of identity management processes. 


Identity and Data Management enables organizations to quickly and securely provide access to the right company assets on- and off-premise while classifying, governing and protecting sensitive data. With the exponential growth of data and increased privacy regulations it’s imperative that we use data classification as a critical factor when managing access risks. 


To continue to mature organizations’ IDM programs, three critical components must work together:


  • Digital Access Management
  • Identity Governance
  • Data Governance and Protection


Identity is at the heart of managing data security around these three pillars. 


Digital Access Management provides a protected and uniform digital experience for employees, customers and partners by securely enabling access to business system resources and data from the cloud, IoT, devices and on-prem. 


Identity Governance allows for control and management of identity-related data. How data is processed across the organization is taken into account while streamlining the user lifecycle process and self-service management.


Data Governance and Protection offers visibility, compliance, privacy and control over sensitive corporate data that lives on-premise or in the cloud. In addition, businesses are empowered to maximize their data to grow revenue, evolve products and delight customers.


IT Departments are often unaware of where their sensitive data resides, including their crown jewels, which creates a large risk within their organizations. Data governance enables the identification and classification of sensitive, unstructured data. Once the sensitive data is defined, access governance can be implemented to ensure the right people have access to sensitive data. Data protection controls are also implemented to provide an additional layer of protection beyond access management.


A move toward a holistic, strategic IDM program ensures secure and uniform access to cloud, IoT and on-premise assets for your organization. Data governance and protection and user lifecycle management is streamlined, providing visibility, control and governance into who has access to both structured and unstructured data regardless of its location.


Maximize the value of your identity program and streamline operations in your business. Download our eGuide to learn more.

Julie Talbot-Hubbard
Global Vice President and General Manager of Digital Identity and Data Services
Julie is an experienced cybersecurity practitioner, technology executive and former Chief Information Security Officer (CISO). At Optiv, she is responsible for delivering solutions that balance risk, business realities and operational impacts for Identity and Data Management. Prior to Optiv, Julie held executive positions at global finance, education, health care and technology companies. She was nominated for and attended the FBI Executive CISO Academy and is a board member at the Identity Defined Security Alliance.