Identity access management (IAM) is one of those IT capabilities that every organization should implement but very few actually do. The most the average organization ever does is set up a password system, usually based on Microsoft Active Directory.
One of the primary reasons few organization ever get beyond passwords is because the whole process of setting up an IAM service is a pretty cumbersome undertaking. No matter how potentially critical to the security of the organization it is, doing so is generally viewed by IT as being a thankless endeavor.
With that issue in mind, IBM has acquired Lighthouse Security Group, Ltd., a unit of Lighthouse Security Services, which is an IBM business partner.
Latha Maripuri, director of worldwide security services at IBM, says IBM was attracted to the Lighthouse Security Group because it developed a Lighthouse Gateway platform based on IBM Tivoli IAM software, which automates much of the on-boarding process associated with setting up and managing an IAM system. Maripuri says that IBM will leverage the Lighthouse Gateway Platform as part of its portfolio of managed security services running on the IBM SoftLayer cloud.
The basic idea, says Maripuri, is to improve the overall security of organizations that turn IAM into a service that can be managed on their behalf. Naturally, Maripuri says that simplifying the on-boarding process goes a long way toward increasing adoption of IBM IAM services. According to Maripuri, Lighthouse Security Group fills a key gap in terms of speeding up the overall deployment of IAM services.
Because of the diverse nature of the attacks being made against enterprise IT environments and the complexity of maintaining IT security, a clear shift is under way toward delivering security as a service. The skill sets required to actually secure an IT environment are beyond the reach of most organizations outside of the Fortune 1000 or companies dedicated to delivering services via the cloud. And even then, the average IT organization has better things to do with their time in terms of providing a return on IT investments to the business.
Of course, IAM is only one piece of the IT security puzzle. But like most things relating to security these days, it’s best left to professionals.