Identity and access management should empower businesses, satisfying customers and other stakeholders who need secure access to an enterprise's data and systems, says Jeremy Grant, former leader at the federal government's National Strategy for Trusted Identities in Cyberspace.
Too often, though, businesses, governments and other enterprises create hard feelings when customers and stakeholders struggle to securely access systems and data, says Grant, who now serves as managing director at the security advisory firm The Chertoff Group.
"One of the worst things you can do ... is to ask somebody to have to create a username and password in order to check out; nobody really likes doing that," Grant says in an interview with Information Security Media Group. "In fact, some would say that amounts to abusing your customer."
In the interview (click on player below photo to listen), Grant:
Describes what many organizations do wrong in implementing ID and access management programs; Explains how encryption and authentication go hand-in-hand; and Encourages organizations to analyze their approach to ID and access management to identify ways to improve it.Grant - along with Liz Votaw, senior vice president for authentication strategy at Bank of America - presented a session titled "Identity as the Great Enabler: Improving Security, Privacy and Customer Experiences" at ISMG's recent Washington Security and Breach Prevention Summit
As a managing director at The Chertoff Group, Grant advises clients on business, technical and policy issues concerning identity, privacy and cybersecurity. Earlier, Grant served for more than four years as leader of NSTIC, the public-private initiative housed at the National Institute of Standards and Technology, which aims to create a vibrant identity ecosystem where individuals and organizations can securely conduct online transactions (see As He Departs NSTIC, Jeremy Grant Sizes Up Progress).