IAM and why it's so hard to maintain in large organisations.
I am currently completing a masters in cyber security and my final work is on IAM and why it seems to continue to be a problem despite being a longstanding security fundamental and many organisations investing significant funds into the problem...
I have worked at a few places where sustainability of good IAM seems to be a challenge.
My own working theory is that it is seen as a technology problem when in fact it is a business process which needs technology support and that controls degrade after investment due to poor connection with wider corporate governance.
If anyone has any thoughts and views they would be very welcome.
Definitely, agree with silentwall on this. It also seems to be an inherited problem with older organisations, because there was once a time where all departments went rogue, established their mission-critical applications, and at one point these needed to be merged into one gigantic IAM.