Identity and Access Management services have quickly become a very valuable part of many companies’ security plans since the onset of the COVID-19 pandemic last year. The shift to remote work changed how many organizations looked at authentication of their users. Once these organizations started to implement more mature IAM processes, they began to see the many benefits an Identity and Access Management program could have for their overall security posture.

Now, companies are looking at what next steps they can take to further develop their Identity and Access Management programs moving forward as workforces continue to shift with each new passing development in 2021.

With all of this in mind, we recently sat down with Chris Vermilya, Director of Identity and Access Management at Fishtech Group, to discuss our IAM offerings and talk about where we’re headed next.


Hi, Chris. Thanks for taking the time to talk with us today. Tell us about what you do at Fishtech Group.

Thanks for having me. I appreciate it. My name is Chris Vermilya and I am the Director of our Identity and Access Management practice here at Fishtech.

As we have highlighted before, there are four pillars of Identity and Access Management. What are the four pillars and which pillar do you see most of your engagements landing right now?

Good question. So, the four pillars that we look at when we consider Identity and Access Management are Identity Governance and Access, or IGA, Access Management, Strong Authentication, or MFA (Multi-Factor Authentication), and then finally Privileged Access Management. Lately, we’re seeing the highest demand for Access Management, followed closely by Identity Governance.

Organizations are looking to secure their on-premises environments, cloud-based infrastructure, and SaaS applications with a common platform, one that provides both robust security, and also a familiar user experience. We have a lot of demand for solutions like Okta, Ping, and Microsoft’s Azure-based solution, etc. to provide the capabilities that our customers require to meet their needs.

But as I said, coming in close second is demand for better Identity Management as a whole, you know, Identity Governance. Once customers establish their Access Management footprint, they really want to go further and more formally manage their identities that they need to trust. You can’t just open the gates as soon as the user successfully authenticates. We need to better manage the complete identity and what they should or should not have access to.

IGA solutions like Saviynt and SailPoint provide visibility, risk analysis, access certifications, and a lot more to really help us fully manage the identity and their access across the board.

How would a customer begin an engagement with the IAM team?

Sure, so in order to engage with our team, we really have a lot of different approaches that a customer could take. Fishtech sets itself apart in the IAM space by taking an advisory-first approach in really every engagement that we participate in. This looks different based on the needs of the customer, of course, but as a starting point we can provide small one-day workshops to assess the health of an IAM program across all four of the IAM pillars, again being Identity Governance, Access Management, Strong Authentication, and Privileged Access Management.

The outcome of those workshops is typically an actionable road map that has not only recommendations on where to take that next step, but what does the timeline look like across the next couple of years? We also provide full IAM assessments that can span several weeks and provide not only the in-depth observations and recommendations that you would expect from an assessment, but a full, strategic, road map and IAM program strategies that are going to be specific to each of the pillars that we mentioned.

It really helps provide customers with actionable milestones for their broader IAM program. We also offer implementation and delivery expertise where our engineers will come in and partner with our customers, not just to turn the wrenches and stand up a solution but provide best practices and other strategic input with that advisory hat on.

Lately, one of our more popular offerings has been a relatively small, but kind of an advisory- / architecture-type engagement. We’ll bring in an architect to work with our customers to look at, typically, one specific IAM pillar and look at the planning and then help design and scope what a potential implementation could look like to meet the needs of the organization. Understanding what should be included in that phase one, and really, what can be pushed to more phase two based on the organizational needs, and also what other considerations should be made to make that implementation successful.

Now those engagements typically result in a solution design document that we’ve worked through together with the customer and often leads to a full implementation if that’s the route that’s desired, or into a larger IAM assessment engagement depending on the needs of the customer.

How has the last year impacted organizations’ needs for Identity and Access Management?

So, the past year has been an interesting one, as you would expect, right? I mean, COVID really pushed IAM to the forefront a number of different ways, but specifically within the Access Management IAM pillar it really pushed that into the spotlight for a lot of organizations. We found our customers needing to rapidly stand up solutions to securely facilitate access to both their on-prem resources, their cloud-based applications, any of their SaaS offerings they are taking advantage of, they really needed to get that up quickly to make an impact to securely engage with their users to be able to provide for their needs.

It’s actually still continuing, but as that starts to settle, many of our customers are now looking to build on that modern foundation and expand into more Identity Governance-type solutions, as well as Privileged Access Management if they don’t have a footprint in the space already.

I’ll throw out Zero Trust here as well. It plays a lot into this transition, as many organizations have started down this path due to COVID, but our customers really just want to ensure that their assets are protected as the entire workforce is largely remote at this point, or at least a much broader percentage than they were in the past.

At a base level, that means we’re no longer trusting where a user is logging in from, or even the device they’re using. BYOD certainly isn’t new but having our users completely remote and on their own devices 24 hours a day has really changed things up. It’s really pushed Identity Management to that foundational level of changing how we view IT security as a whole. We really have to look at the identity to know what a user can and cannot do, and then implement their accounts and their access accordingly. Identity Governance really has to be in the picture because of that change.

Our customers are seeing the benefit of making that jump to managing the identity as a whole over just the accounts themselves. For better or worse, COVID was the spark that forced a lot of that movement over the past year.

Looking forward, what’s next for your team and the broader Fishtech Group IAM offerings?

We’re looking forward, you know, we’re always kind of keeping an eye on how we can better change our offerings to meet the needs of our customers. But Fishtech has and will continue to be a true partner with our customers. We believe strongly in our approach. It allows us to be flexible to meet the needs of our clients, even as those needs change, especially if they’ve changed pretty dramatically over the past year or so.

Identity and Access Management has established itself as the foundation of modern security, and we’re excited to continue to see organizations understand that shift and move forward securely on their own journeys.

We’re seeing more need for IAM-as-a-Service-type offerings. As demand rises for talent, and the more these solutions are being implemented, it’s hard to find people that can meet those needs.

IAM solutions need care and feeding and, realistically, IAM is not going to be a core competency for most organizations. They need to support what their business truly is doing, so we’re working to provide new services for our customers around our strategic technologies to help continue our partnership beyond just the traditional advisory and delivery that we’ve been doing, but more into the managed services space.

Our advisory-first approach will extend into those offerings as well and allow us to not only meet a need for our customers but bring the advisory mindset to what has traditionally been an operations-focused arena. So, we’re excited to see where that moves forward in the future and how we can tie that into other offerings from the Fishtech organization in terms of overall IT security management.
