Build an Identity Security Services Plan
Secure your weakest links: your users.
- Organizations often leave identity management projects on hold, choosing instead to focus their attention on perimeter-related security and outward threats.
- Users can be an organization’s weakest link and should be addressed with the same rigor as the perimeter. A disgruntled employee who is fired but retains access because of negligent processes can cause problems for an organization.
- Lack of identity management processes can also create unnecessary help desk costs in relation to provisioning/deprovisioning cycles and password resets.
Our Advice
Critical Insight
- Help desk costs can be drastically reduced by exploring streamlined and efficient password reset techniques like self-service.
- Automating provisioning/deprovisioning cycle times through software batch processes also saves time and costs.
- Auditing your users’ access does not have to be overwhelming. Implement a process where you focus on your critical applications and the sensitive user groups within them first, instead of trying to tackle the big picture, to make the task efficient and manageable.
Impact and Result
- Prepare to audit your users’ access and maximize your team’s time and effort by focusing on critical applications and systems.
- Optimize your current processes by picking your top ten areas to improve rather than taking everything on at once.
- Identity management processes are not impossible to maintain. Getting in front of managing your users’ IDs will make the process easier in the future.
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 1-phase advisory process. You'll receive 4 touchpoints with our researchers, all included in your membership.
- Call 1: Determine application sensitivity and key user and data groups
Provide information (spreadsheets, etc.) about your top five applications with access information on the four user groups (remote, internal, privileged – internal, and external). Identify critical user groups and prioritize.
- Call 2: Prepare for user access appropriateness assessment
Using the prioritized list from GI-1, analysts will walk you through the User Access Appropriateness Assessment Checklist using one of your top data/systems. The analyst will discuss what you need to be aware of as you assess the access levels of your users.
- Call 3: Assess current process and identify gaps
Using the IAM Controls Analysis Tool – work through your top applications/systems, and record current state information into the tool.
- Call 4: Create identity management implementation roadmap
Once the top data systems current state information is recorded in the tool, analysts will walk the client through the resulting dashboard results, ending with the Prioritization Roadmap. The Roadmap will document the top ten controls your organization needs to implement based on your data.
Contributors
- Wesfarmers Insurance
- Learning Care Group
- Towson University
Assess and Govern Identity Security
Mature Your Identity and Access Management Program
Simplify Identity and Access Management
Passwordless Authentication
