Putting Identity at Center of Cybersecurity ProgramsRebecca Archambault of Blue Cross Blue Shield and Jeremy Grant of Venable on IAM Issues
The security challenges presented by the COVID-19 pandemic, including managing a remote workforce, point to the need to prioritize identity management, say Rebecca Archambault of Blue Cross Blue Shield and Jeremy Grant of the law firm Venable.
"Put identity is at the center of your cybersecurity program. Make sure identity is sitting in the middle, and not at the outside of it," Archambault says.
"Make sure your security team is involved in all of your implementations and all of your maintenance," she says in a video interview with Information Security Media Group. "Remember that every application, every piece of infrastructure [contains] an identity and access component. Anytime you're onboarding new apps or changing existing apps, there is an identity piece of that. So identity teams need to be at the center of everything."
Grant points out that one recent survey found that less than 50% of CISOs control or influence identity management.
"There are a lot of organizations where [identity] is considered part of HR - tied to hiring, firing and promotions - or is part of IT operations. And if that's a case, then they're not taking a security-focused approach," he contends. "Certainly if you're in the information security function in an organization and if you don't own identity, figure out a way to take it over."
In this joint video interview, Archambault and Grant also discuss:
- Key principles of the Health Information Sharing and Analysis Center's identity management framework for the healthcare sector, to which they both contributed expertise;
- Identity challenges involving provisions of the 21st Century Cures Act;
- IAM lessons for healthcare organizations emerging from the SolarWinds hack.
Archambault is the trusted identities leader of Blue Cross Blue Shield of Western New York and Blue Shield of Northeastern New York. She's responsible for setting overall identity strategy for the enterprise, including expanding identity governance to consumers and business partners. Archambault also leads the identity working group for H-ISAC and founded the Western New York Identities Working Group. Previously, she was the global identity and access management operations head for HSBC Bank.
Grant is managing director for technology business strategy at the law firm Venable. He previously served as a managing director at The Chertoff Group and established and led the National Program Office for the National Strategy for Trusted Identities in Cyberspace housed in the National Institute of Standards and Technology. Earlier in his career, Grant served as a vice president for Maximus.