The Middle-East has, in the last few decades, been growing into an exclusive nation in terms of its quality of life and wealth, and also as a definitive business destination globally. This attracts significant cybersecurity concern, Identity and Access Management included.
The Saudi Arabian Monetary Authority (SAMA) recently drew up a framework for local businesses to protect themselves from cybercrime.
The framework calls for an orderly and tiered process in assessing your cybersecurity risk and is comprehensive in the scope and depth of solution it offers. The framework is not so much a technological one, but a managerial one. For instance, it begins with self-assessment of your company’s cybersecurity vulnerabilities and then places you in one of 3 ‘Maturity Level’ groups depending on the maturity of your existing cybersecurity systems or future plans. The framework makes strong recommendations on processes to determine your cybersecurity needs and what policies should thereafter be considered.
The strength of such a framework lies in its raw intelligence and usefulness, rather than as a quick-reference guide that makes specific product recommendations. What a business must do is imbibe the framework into its thinking and then rigorously apply potential improvements that are discovered. In the context of IAM, for instance, the first directive in the framework is that ‘the identity and access management (IAM) policy, including the responsibilities and accountabilities, should be defined, approved and implemented.’. Such a recommendation does not simply advise a kind of technology or process. Its purpose is to induct your organization into a deep but highly usable understanding of your business’ IAM needs and scope in terms of feasible architectures. With this, you know what you need and can find the product that matches.
So, while the framework is essentially a surgical strike into the heart of your organization’s security (and, in fact, management) thinking to make your business completely capable of handling its cybersecurity needs optimally, support can come from within as well as from without, and both will be beneficial.
From the outside, Cross Identity’ ‘CI’ offering has a lot to offer in terms of SAMA compliance. Indeed, the company has recently updated the product just to enable businesses to quickly and efficiently comply with the new regulations.
For instance, directive 2 in the SAMA framework states that
“The compliance with the IAM policy should be monitored.” So, your business needs not just to implement functional IAM, it must monitor the related policies constantly. CI’s ‘Who Has Access to What’ reports, real-time SOD violation detection and metrics and suggestions from its AI-based risk engine all provide you with tools to meet the new standards. The tools are part of a greater overall tool that handles any instance or requirement of a business’ IAM needs flawlessly and is one of the best values for money on the market.
SAMA framework also states that “the effectiveness of the cybersecurity controls within the IAM policy should be measured and periodically evaluated.” Essentially, the recommendation is to move the awareness of cybersecurity needs and worthiness of a solution firmly into the customer’s knowledge so that they can fully control their cybersecurity framework themselves and rely only on vendors for technology. The framework attempts to make businesses highly aware of their cybersecurity needs so that they can build their own framework.
This recommendation gives an enormous amount of power to the customer but with it an enormous burden. Most small and medium businesses have enough on their plates just having to keep up with frameworks, let alone develop their own framework. What SAMA recommends and what businesses really need are, though, not polar opposites and can go hand in hand. Small and medium businesses need IAM solutions that reduce the in-house IT staff requirements and where DevOps and other understanding burdens are placed on the vendor and not the customer. Additionally, according to industry analyst Gartner recommendations, vendors ought to recommend frameworks and not just products or solutions to their customers.
Cross Identity is such a product that can both bring your organization to SAMA compliance standards as well as protect you from the unneeded burden of knowledge that it places on your businesses. The product will enable you to comply with all SAMA IAM standards, and give you an open arena in which you can choose just how much responsibility you want to take for developing your overall IAM strategy as well as how involved you would like to be in revisions to the strategy.
Read more about how Cross Identity’ Identity and Access Management can help you achieve SAMA Compliance.
Check out Cross Identity CI today.