Nomalizo Hlazo, Investec

In every organisation, users need access to resources and systems to do their jobs effectively. However, IT departments must ensure that each user’s access is appropriate and secure, which is where identity access management (IAM) and privileged access management (PAM) come into play. These systems help manage who has access to what, ensuring that users can do their work while keeping sensitive information secure.

But managing access isn’t so simple, especially when employees leave or change roles. Companies often struggle with maintaining permissions and ensuring that only authorised individuals can access critical resources. “It’s not an automated process, so when a person leaves or a machine is decommissioned, relying on manual processes to remove access takes too long and leaves the door open for excessive or stale access to persist,” says Nomalizo Hlazo, Investec’s head of security and governance.