Grzegorz Nawrocki is a manager for IAM Governance in DSV – Global Transport and Logistics and is also a speaker at the Identity & Access Management conference the 6th of February. At the Conference Grzegorz will present a setup where IT Compliance, being a link between IT and the Business, drives the IGA and IAM agendas.
Before the conference you can read an interview with Grzegorz here.
How do you and your company work with Identity And Access Management?
We are focusing on extending the coverage of IGA platform – on implementing workflows and integrating new applications. Our vision is to ensure the users have the right access at the right time by utilising one central portal for requesting for identities and entitlements. We have a setup where IT Compliance, based on specifications coming from the international standards and regulations (e.g. ISO or NIS2), sets the internal requirements towards IAM.
What is your best advice for getting IAM implemented in a company?
Remember the importance of communication, training & change management. Make sure the benefits of IGA are known and well understood. Prepare and train end-users on how to use the tool effectively. IAM impacts everyone in the organisation, therefore everyone must be prepared for the change.
Can you tell us about some of the most important things that have happened in the development of IAM?
A very important event during the early phase of IGA implementation was to define the project as one of the top strategic projects in DSV. As a consequence, the project has got the necessary executive management attention and budget to conduct it effectively. IGA implementation focuses on integrating with new applications. Thanks to the mandate that came with being one of the top projects, the project could reach the different application owners and request to appoint resources and deliver necessary materials for IGA integration.
Do you think IAM is something companies should put extra effort and resources into?
I strongly believe IAM is something companies should put extra effort and resources into. Very often one of the first actions adversaries perform, once they got access to company’s infrastructure, is to elevate their access rights. They try to obtain privileged user accounts or technical account’s rights to make it easier for themselves to perform fraudulent activities. Strong, secure IAM processes and technology are crucial to hinder or even prevent it from happening.
Is there a particular topic within IAM that you find particularly interesting?
I very much enjoy working with workflows and processes. Therefore, I find workflow designing particularly interesting. I like to see the different steps following a logical order to fulfill a specific objective. It is not an easy task, as strong end-to-end process must fulfill requirements of IT, Business, Security and Compliance. It is very rewarding to see strong process being successfully implemented and followed by end-users.
What do you talk about at the conference and what do you hope attendees get out of it?
Since I see IGA as a Compliance and Security tool, I would like to talk about why I believe IAM / IGA implementations should be driven by governance requirements defined by IT Compliance. My intent is to broaden the perspective IGA is perceived – apart from making it easier for end-users to request for entitlements it has significant role to improve the internal security posture. Therefore, the governance requirements must be set outside of IT and Business.
Do you want to hear more from Grzegorz Nawrocki?
Join the conference Identity & Access Management the 6th of February and hear more from Grzegorz Nawrocki on IT Compliance and how IT Compliance can be a link between IT and the Business, drives the IGA and IAM agendas. Learn more about the conference og sign up here.
