Duane Carstens on identity and access management

PwC’s Duane Carstens on the role of identity and access management in facilitating digital transformation

Duane Carstens

Director, Cybersecurity & Privacy

Managing identity is vital, but it's also a daunting task for many organisations who lack proper identity and access management for governing their digital identities,” says Duane Carstens, Director, Cybersecurity & Privacy, PWC. “That’s regardless of their IAM service maturity or whether they are adopting or replacing digital technology through their digital transformation.”

Carstens believes in the transformative power of PwC’s cyber business. “The purpose of our cyber business is to help build a secure digital society. This is done through three key aspects, including 1) serving our clients, 2) extensive research and disruption to the market and to threat actors which is done by challenging conventional thinking, and 3) shaping society by being an exemplar. These three key aspects are encompassed by our DNA which includes empowering an innovative and diverse team. 

PwC is equally focused on forging strong bonds with their customers. “Our value is defined by the relationship with the client,” Carstens adds. “That relationship is born from an intelligent, engaged, highly collaborative process. It’s about helping them through their digital transformation journey, through their challenges and providing the insight to assist clients to reach their objectives.”

The ongoing COVID-19 pandemic is resulting in innovative attack vectors which companies must respond to. “We see key emerging cybersecurity risks as a result of COVID-19,” says Carstens. “There are a lot of opportunistic threats at the moment. The increasing attacks on businesses means that identity and access management continues to be of paramount significance, in the risk management priorities of organisations.”

With such a range of areas to be aware of, a holistic approach is necessary. “What’s most important in terms of digital identity is that management should have a complete vision for their identity and access management program. Coupled with that vision should include capability in managing and governing identity, as well as controlling and monitoring access,” says Carstens. “Capabilities have to run across different groups, including human and non-human users who will be in contact with your organisation and the assets that you're trying to protect, from applications in the cloud, to on-premise solutions, databases and operating systems and the data that resides on these assets.



What’s most important in terms of digital identity is that management should have a complete vision for their identity and access management program

Duane Carstens | PwC

Read the full story: HERE