REDUCING COMPLEXITY IN IDENTITY AND ACCESS MANAGEMENT
IN ASSOCIATION WITH
PwC
DIGITAL REPORT 2020
02
REDUCING COMPLEXITY IN IDENTITY AND ACCESS MANAGEMENT
03
www.pw c. com
PWC
PWC’S IVO VAN BENNEKOM AND DUANE CARSTENS ON THE ROLE OF IDENTITY AND ACCESS MANAGEMENT IN FACILITATING DIGITAL TRANSFORMATION
P
wC has identified a number of trends. affecting organisations, centered around a digital landscape that was growing in
complexity even before the COVID-19 pandemic. “We are in a very strange and unprecedented situation - the ‘new normal’, as we call it within PwC,” 04
says Ivo Van Bennekom, Director, Digital Identity. “What that new normal means, is that it’s accelerated a big change that was already happening prior to the COVID-19 situation, where we see clients changing from a traditional value chain that was very direct, to starting to become more part of a digital ecosystem, collaborating to delivering a variety of services towards the end consumer.” Increased digital complexity and ever-changing employee roles within an organisation means identifying and allowing the access of users is all the more important. “Managing identity is vital, but it’s also a daunting task for many organisations who lack proper identity and access management (IAM) for governing their digital identities,” says Duane Carstens, Director, Cybersecurity & Privacy. “That’s regardless of their IAM service maturity
05
www.pw c. com
PWC
“ W E ARE IN A STRANGE AND UNPRECEDENTED SITUATION -THE ‘NEW NORMAL’, AS WE CALL IT WITHIN P W C” — Ivo Van Bennekom, Director, Digital Identity, PwC
and whether they are adopting or replacing digital technology through their digital transformation”. To help organisations with digital identity, the company maintains more than 950 digital identity professionals as part of a broader cyber team that is 3,500 strong, with extensive experience across various industries. PwC consequently differentiates itself from competitors in the space along a number of lines. “One of the biggest benefits that clients see when work-
06
ing with us, is that we can deliver an integrated approach to the whole breadth and depth of cybersecurity and digital identity management,” says Van Bennekom. Carstens believes in the transformative power of PwC’s cyber business. “The purpose of our cyber business is to help build a secure digital society. This is done through three key aspects, including 1) serving our clients, 2) extensive research and disruption to the market and to threat actors which is done by challenging conventional thinking, and 3) shaping society by being an exemplar. These three key aspects are encompassed by our DNA which includes
empowering an innovative and
which companies must respond to.
diverse team.
“We see key emerging cybersecurity
PwC is equally focused on forging
risks as a result of COVID-19,” says
strong bonds with their customers.
Carstens. “There are a lot of opportun-
“Our value is defined by the relation-
istic threats at the moment.
ship with the client,” says Carstens.
The increasing attacks on businesses
“That relationship is born from an
means that identity and access man-
intelligent, engaged, highly collabora-
agement continues to be of paramount
tive process. It’s about helping them
significance, in the risk management
through their digital transformation
priorities of organisations.”
journey, through their challenges and
“The focus should be on provid-
providing the insight to assist clients
ing the right people, with the right
to reach their objectives.”
access, at the right time through the
The ongoing COVID-19 pandemic is resulting in innovative attack vectors
identification, authentication and app ropriate authorisation information
E X E C U T I V E P R O FILE :
Ivo Van Bennekom Title: Director, Digital Identity Location: Arnhem-Nijmegen Region Ivo leads the PwC Digital Identity Impact Center for the EMEA region. Ivo has over 15 years of experience within the digital technology space, with a specific focus on global identity market patterns and translating them to business objectives for clients. He is a strategic and tactical Subject Matter Expert on digital identity topics advising Client Senior management. Ivo works for a variety of sectors, with a main focus on Finance, Retail and high-tech firms. He is engagement leader of several global Cyber Security & Digital Identity programs. www.pw c. com
07
what tools, how are they using those tools, are they the right tools and governing the usage along your journey. Imagine if Hilary and Norgay just tried to climb without
STEVE BRADFORD
Senior Vice President, EMEA SailPoint
knowing all the information about the route and having the 350 porters, 20 Sherpas and the tons of supplies to support the expedition. COVID-19 has changed the business landscape, with
On May 29, 1953 two men shake hands around noon.
over 55% of companies now looking to invest in new
One a 33-year-old bee keeper, the other a 39-year-old
digital experiences and requirements to support their
Tibetan climber. At that moment Edmund Hilary and
business. Also over 54% recognise the need to improve
Tenzing Norgay transformed the climbing world and
their cybersecurity and resiliency in light of the changing
achieved the accolade of being the first people to climb
workplace, according to PwC CIO Pulse survey. But after
the world’s highest mountain—creating a path for those
stay-at-home restrictions and social distancing suddenly
who come after them. To say in passing that you’ve
forced more collaboration and commerce online, over
“climbed Mount Everest” always implies that you did
52% of companies now recognise that they need to invest
the impossible.
in new technology and AI enabled business models to support their transformation.
Why is this important in today’s world? Whether it is COVID-19, new competitors, expansion, operational
Unfortunately, legacy technology complexity in the
efficiencies, all organisations need to transform to a new
current security landscape and outmoded platforms
digital era and one of the only ways you can do this is
remain major obstacles to the pace and success of
mapping out the path as to who in your organisation has
digital transformation efforts. Many companies have
hundreds—if not thousands—of systems running their business, with their security approach being siloed. Conventional IT approaches to these problems are not helping. Large programs, re-platforming, and complex replacements take many years, cost more than most companies can afford, pose risks, and are highly
•
Proactively detect and revoke inappropriate access
•
Enable stronger collaboration and effective governance
•
Automatically check access policy before granting
•
Unify and centralize access certifications across data
•
Model the future of a company’s access so they
unlikely to deliver on the promise. Accelerating digital transformation requires a new approach and with SailPoint Predictive Identity, organisations can build and adapt the route that supports their journey for their employees, partners, RPA’s and other stakeholders. Studies have found that undergoing a digital transformation can improve an enterprise’s productivity, collaboration, and innovation among employees. Additionally, it can improve prestige in the modern marketplace, streamline business processes, consolidate corporate assets, and improve the bottom line overall. The growth of cloud adoption (86% of the SailPoint EMEA Virtual User Group has predicted growth in SaaS applications in the enterprise over the next 18 months) will mean the integration of your business processes across endpoint devices, operating systems, applications and resources. It enables access to endpoints outside the traditional enterprise structures and across disparate locations to corporate assets, all of which will form part of the digital transformation; with SailPoint Predictive Identity and PwC we can help your enterprise handle transitioning to the cloud through its centralization mechanisms, structured approach and by ensuring regulatory compliance through the platforms monitoring capabilities. SailPoint’s Predictive Identity approach can help an organisation prepare for their transformation journey, as well as supporting it along the way and adapting when
and policy violations to strengthen security
across business, IT and audit/compliance teams
new access privileges
centre, cloud, and mobile systems
can assess the impact of a transformation on their application landscape
With SailPoint and PwC we are able to create an identityfocused digital transformation strategy that enable users – whether internal or external, human or nonperson – to streamline actions, duties, or processes on the journey. An identity enabled enterprise can scale to heights previously inaccessible as it ensures that you can climb to those heights responsibly and profitably. With identity governance as a key foundation for your digital transformation, it means that user permissions need to be tightly controlled more than ever. Your enterprise must be able to maintain security as well as ensure that business processes are smoothly managed and conducted. Digital transformation enabled by identity is a key for every organisation as it attempts to ascend their Everest. Tenzing later revealed in his autobiography, “Tiger of the Snows”, that Hillary had in fact preceded him, something they kept a secret for years. Because to a mountaineer, it’s not about who sets foot first, it’s about supporting each other through tough times and letting your partner shine. With SailPoint and PwC supporting you, there will be no summit you cannot conquer in your security journey.
encountering hurdles or new paths. With SailPoint Predictive Identity you can…
•
Map your current user estate and answer who has access to what, how did they get access and do they need access on an ongoing basis
•
Provide proof and irrevocable evidence of compliance to internal and external auditors
Visit us at www.sailpoint.com to learn how SailPoint can help transform your business with Identity.
PWC
1998
Year founded
9,400
Number of employees in Africa
27,600
Number of employees globally 10
security principles” Carstens adds. “Identity and access management is not just about the technology, it also involves the organisation’s people, processes and governance on the service. This holistic approach will provide secured flexibility for your remote workforce to remain productive and ‘work from anywhere’.” Defending against those threats requires capabilities across a range of arenas. “Digital identity can roughly be carved up into four different areas,” says Van Bennekom. “One is the workforce identity space, so access management, but also identity governance. Second, is privileged access management, for users such as database administrators that, basically with one press of a button, can wipe out a complete IT estate. Thirdly, we have customer identity, from B2B customers to consumer scenarios, or even governments and how they interface with their citizens. Lastly, we have artificial intelligence, RPA and the identity of things.” With such a wide range of areas to be aware of, a holistic approach is necessary. “What’s most important www.pw c. com
11
PWC
PwC BriqBank helps with digital identity CLICK TO WATCH
|
0:41
12 in terms of digital identity is that
“The vendors that we typically work
management should have a complete
with are on a journey together with us to
vision for their identity and access
actually decrease the technology debt
management program. Coupled with
that you need in order to fulfill a lot of
that vision should be capability in man-
those use cases,” adds Van Bennekom.
aging and governing identity, as well
“Cloud solutions, for instance, simplify a
as controlling and monitoring access,”
lot of the technical digital identity com-
Carstens says. “Capabilities have to
plexity while also reducing the cost of
run across different groups, including
operating such a system.” The effective
human and non-human users, who
utilisation of appropriate technologies
will be in contact with your organisation
will allow organisations to spend more
and the assets that you’re trying to
time on what really matters: managing
protect, from applications in the cloud,
business risks related to digitalisation.
to on-premise solutions, databases and
An accomplished cybersecurity
operating systems and the data that
strategy is a vital complement to digital
resides on these assets.”
transformation. “Digital transformation
“ M ANAGING IDENTITY IS VITAL, BUT IT’S ALSO A DAUNTING TASK FOR MANY ORGANISATIONS” — Duane Carstens, Director, Cybersecurity & Privacy, PwC
E X E C U T I V E P R O FILE :
Duane Carstens Title: Director, Cybersecurity & Privacy Location: City of Johannesburg, Gauteng, South Africa Duane is an Associate Director in the PwC cybersecurity and privacy practice, providing comprehensive cybersecurity solutions to assist businesses with assessing, building and managing their cybersecurity capabilities, and enabling effective management to a myriad of potential threats from strategy to execution. Duane’s working experience spans over 15 years working with listed entities across various industry sectors, in numerous countries, and within multiple roles. He is engaged in the understanding of technology and trends, and being able to articulate and make comprehensive, pragmatic decisions for businesses and consumers. Through Duane’s career, he has worked on security programs / ISMS development, vendor & client management, assessments, governance, risk & compliance, formalizing innovative business operating models, improving processes and optimizing controls, while achieving strategy and objectives.
www.pw c. com
13
PWC
14
“ O UR VALUE IS DEFINED BY THE RELATIONSHIP WITH THE CLIENT” — Duane Carstens, Director, Cybersecurity & Privacy, PwC
can result in a company becoming a target for attackers because they know that there’s a lot of volatility within the organisation,” says Van Bennekom. “We understand how to integrate cybersecurity into those types of transformations, because technology continues to be the driver and it’s
15
evident that security is an enabler of
required agility of cyber defence is
those digital journeys.”
also increasing. We’re also bringing
PwC consequently ensures its cyber
in consultants from other PwC com-
defence offering keeps up with the
petencies to understand business
pace and evolving trends. “We are
processes and take the right approach
already in the fourth wave of digital
to help organisations become smarter
transformation. Agility is becoming
in terms of cybersecurity defense,”
more important and, with that, the
says Van Bennekom. www.pw c. com
PWC
16
While as a consulting and advisory
it employs to help clients achieve
house PwC remains technology and
their goals. “The technology vendors
vendor agnostic, SailPoint, OKTA and
that we work with are a big part of
CyberArk are some of the solutions
helping clients to decrease their IT
“ W E ARE ALREADY IN THE FOURTH WAVE OF DIGITAL TRANSFORMATION” — Ivo Van Bennekom, Director, Digital Identity, PwC
assist not only its clients but society at large with transformation in access management, decreasing complexity and improving the utility of digital envi-
complexity so that there’s more room
ronments. “We’re focused on building
to create business value,” says Van
trust in society and solving important
Bennekom. “Typically, the vendors
problems while making sure that
that we work with are capable of cover-
we are looking at this from a broader
ing a whole ecosystem of use cases
perspective rather than just creating
and different types of identities, all
locks,” says Van Bennekom. “You need
from the cloud.”
to understand what an organisation
The companies with whom PwC
wants to achieve from a business
works with are therefore carefully
perspective to understand how
selected through a consultative
cybersecurity can support that most
approach, based on product value
effectively. We’ll continue integrating
and market need. “Digital identity
all those different competencies to
for us as a business is one of our
decrease the complexity and the risks
growth priorities over the next few
of our clients’ ecosystems.”
years,” says Carstens. “Together with the right partnerships, matching a solution to a client problem, and our robust methodologies supported by our global network of subject matter experts, we will continue to add the desired value to our client engagements.” Going forward, the two are clear that PwC stands in good stead to www.pw c. com
17
PWC 4 LISBON LANE WATERFALL CITY JUKSKEI VIEW 2090 SOUTH AFRICA
P0WERED BY
T +27 (11) 797 5478
www.pwc.com