Aujas US

An IDG Ventures Company

Identity and Access Management – This must be your project, not your partners’!

Lessons Learned

Identity and Access RiskHaving been through numerous Identity and Access Management (IAM) implementations, we see two common denominators in terms of customer expectations that rear their ugly heads rather frequently:

  1. Let’s integrate everything that we have, and
  2. Let’s do it all at once

One can understand the excitement we all go through when we contemplate having a solution that allows us link so many applications, streamline processes with workflow automation and synchronize attributes across the board. While that excitement is infectious and contagious, the sound voice of reason must be heard and listened to.

It is natural for you to want to do as much as you can with a product, and it is human to want all of it done yesterday. Hence, the onus lies on the domain experts to work closely with customers (as partners, not vendors) and plan out a deployment that gives the customers the most results as soon as possible and additional benefits over subsequent phases.

The “good” partner helps the customer prioritize their needs and requirements, and establish plans to achieve those objectives over phases. Strong project management and planning are the keys to a successful IAM program. The products from various vendors are unlike those of 5 years ago, they are now mature, stable and scale exceptionally well, unless hacked to death to fulfil a few exotic requirements.

We cannot lose sight of the top benefits of having a robust IAM program toa company:

  1. IT systems and applications are constantly compliant with a variety of regulations, there are few gaps in access recertification
  2. Processes and access governance have been streamlined – business demands, business approves, and business gets – with minimal or no IT intervention
  3. Password reset is automated and secure, and helpdesk costs are under control
  4. Peace of mind

 

So next time you want to know whose side the “partner” is on, throw a plan too ambitious at them. While most will try to give you what you demand, you will know during the course of their approach whose interests they have in mind, yours or their own.  After all, it is your project and responsibility.

Advertisements

November 22, 2010 Posted by | identity and access management, Identity Theft, IT security, Risk management | , , , | Leave a comment

Understanding the Need for Converged Access Control

Access managementAccording to a study conducted by Carnegie Mellon University – critical system disruptions, loss of information of customers and partners, loss of confidential intellectual property,  brute-force attacks, fraud, reputation risk, etc. were mostly attributed to actions by insiders.

The grave dangers of insider threats, arising from employees retaining their system and/or having physical access even after job termination, can be understood from a shocking incident that took place recently. A US-based Water Service Company auditor, who resigned from his post, sneaked into the company’s building and accessed a former coworker’s computer to transfer $9 million from the company’s fund to his personal account. 

Insider threats, in which the disgruntled employees or ex-employees, gain access to computer systems or networks of the enterprise, is one of the cases of improper Identity Management!

Proliferating Disconnected Identities – Root Cause for Mismanagement of Identities!

In most organizations, it is seen that logical and physical identities often see excessive increase in numbers, making it difficult for the organization to track and manage all the identities effectively. 

On the logical side, an employee may have one identity within the enterprise HR system, such as a SAP system. That identity typically consists of salary, benefits, insurance and other specific employee details. Then there is a logical identity, for the same employee, within the information technology department’s directory software – such as those from Microsoft, Novell, CA, Sun Microsystems, or Oracle. This directory controls the permissions for network, database and software applications for the logical identity. Within the organizations’ Intranets, databases and applications, the user may have still more identities, in the form of different user IDs and passwords or PINs he/she uses to log into each logical resource of organization. This employee will have at least one more identity: a physical credential of some sort used for access to organization infrastructure –workstations, buildings, floors, parking garages, warehouses, research lab etc.

Then, there are cases of merger or acquisitions of organizations which often results in more than one brand of Physical Access Control System (PACS) in the organization. In enterprises with more than one brand of PACS and several facilities or areas users must enter, a user may have more than one physical access credential—and therefore, more than one physical identity.

Unconverged identity management systems either result in error-prone manual interventions or security issues!

Next: The Need for Converging Identities

November 4, 2010 Posted by | Access control, identity and access management, Risk management | , , , | Leave a comment