It’s a company’s worst nightmare. A data breach or cyber-attack. Cyber-attacks continue to be a growing threat, but not all data breaches are caused by outside hackers. Ask Morgan Stanley. In 2015, the financial services firm revealed that an employee had stolen data from more than 350,000 accounts. Forrester estimates that 80% of data breaches have a connection to compromised privileged credentials, such as passwords, tokens, keys, and certificates.

To avoid a data breach nightmare, company’s must ensure only the right people can access appropriate systems, data, and resources, for the right reasons. This is accomplished through Identity and access management (IAM). IAM is a specialty discipline within cyber-security. It helps companies increase productivity while securely enabling access to applications and systems.

IAM has to be an essential part of your IT toolkit. The typical business user has dozens (even hundreds) of applications they must access to do their jobs. These applications span cloud, mobile and on-premise solutions, and all can hold confidential, sensitive and regulated information.

To address the access management problem, there are many different IAM products on the market. I’m currently finishing a project to put SailPoint IIQ in place for a large financial institution. SailPoint is a Java based web application that integrates with legacy systems and Active Directory (AD) enabled applications. Auto-provisioning, native change detection, reporting and access certifications are some of the features SailPoint IIQ offers. Some of the other popular IAM products include Oracle Identity Management (OIM), Microsoft Identity Manager and Microsoft Azure Active Directory.

Regardless of the product you choose, having the right IAM strategy in place is key. The implementation of IAM can be very challenging. It takes strong collaboration between business, IT and operational teams. It also takes prioritization from leadership. Without executive sponsorship, business system owners and stakeholders may be reluctant to assist.

If you are in early stages of IAM or if you are already into delivery, MacIsaac Consulting can help. We provide services to help you put the right IAM strategy in place and we provide delivery resources.

About the Author: Mike MacIsaac is the founder and principal consultant for MacIsaac Consulting. Mike provides leadership as an IT Project and Program Manager as well as an Agile Scrum Master/Coach. Follow Mike on Twitter@MikeMacIsaac or subscribe to Mike’s blog.