Build an Identity Security Services Plan

Secure your weakest links: your users.

Unlock

This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Organizations often leave identity management projects on hold, choosing instead to focus their attention on perimeter-related security and outward threats.
  • Users can be an organization’s weakest link and should be addressed with the same rigor as the perimeter. A disgruntled employee who is fired but retains access because of negligent processes can cause problems for an organization.
  • Lack of identity management processes can also create unnecessary help desk costs in relation to provisioning/deprovisioning cycles and password resets.

Our Advice

Critical Insight

  • Help desk costs can be drastically reduced by exploring streamlined and efficient password reset techniques like self-service.
  • Automating provisioning/deprovisioning cycle times through software batch processes also saves time and costs.
  • Auditing your users’ access does not have to be overwhelming. Implement a process where you focus on your critical applications and the sensitive user groups within them first, instead of trying to tackle the big picture, to make the task efficient and manageable.

Impact and Result

  • Prepare to audit your users’ access and maximize your team’s time and effort by focusing on critical applications and systems.
  • Optimize your current processes by picking your top ten areas to improve rather than taking everything on at once.
  • Identity management processes are not impossible to maintain. Getting in front of managing your users’ IDs will make the process easier in the future.

Contributors

  • Wesfarmers Insurance
  • Learning Care Group
  • Towson University

Want to Participate in Our Research?

  • Analyst Interviews: Share your best practices, opinions, tools or templates with your peers.
  • Webinars: Interactive session to keep us focused on topics you want to tackle.
  • Upcoming Workshops: Accelerate your project with an onsite, expert analyst to facilitate a workshop for you. Contact us for more details.

Become a Participant


Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

  1. Identify users & access

    Audit the appropriateness of their access levels.

  2. Prepare to audit user access

    Audit users regularly, not just when problems occur.

  3. Identify current identity management practices

    Inventory and assess current processes.

  4. Create an implementation roadmap

    Prioritize solutions instead of taking on too much at once.

Guided Implementation icon Guided Implementation

This guided implementation is a four call advisory process.

  • Call #1: Determine application sensitivity and key user and data groups

    Provide information (spreadsheets, etc.) about your top five applications with access information on the four user groups (remote, internal, privileged – internal, and external). Identify critical user groups and prioritize.

  • Call #2: Prepare for user access appropriateness assessment

    Using the prioritized list from GI-1, analysts will walk you through the User Access Appropriateness Assessment Checklist using one of your top data/systems. The analyst will discuss what you need to be aware of as you assess the access levels of your users.

  • Call #3: Assess current process and identify gaps

    Using the IAM Controls Analysis Tool – work through your top applications/systems, and record current state information into the tool.

  • Call #4: Create identity management implementation roadmap

    Once the top data systems current state information is recorded in the tool, analysts will walk the client through the resulting dashboard results, ending with the Prioritization Roadmap. The Roadmap will document the top ten controls your organization needs to implement based on your data.

Onsite Workshop

Module 1: Make the Case

The Purpose

  • Establish why you should care about identity management.
  • Understand what happens when you choose not deal with user access.
  • Understand how identity security fits into your overall security portfolio.
  • Track metrics to save money and streamline your processes.

Key Benefits Achieved

  • Support for why this project is valuable.
  • Metrics to apply to your own help desk operations to track successes and cost savings.

Activities: Outputs:
1.1 Understand the importance of this Blueprint to your overall operations, security and spending.
  • Metrics
1.2 Understand metrics around help desk costs and operations that you can track.

Module 2: Identify users and what they can access

The Purpose

  • Identify user groups in your applications/systems.
  • Understand which groups are critical based on their overall sensitivity.
  • Prioritize applications and systems based on sensitivity to prepare for a user audit.

Key Benefits Achieved

  • Create a re-executable process for preparing to audit your user groups by focusing on critical applications/systems first.

Activities: Outputs:
2.1 Identify your top five applications/systems to work on first.
  • Prioritized list of your critical applications/systems to audit in Module 3.
2.2 Identify the user groups and the owner of that application/system.
2.3 Establish the sensitivity level of that application/system and the user groups in preparation for an audit.
2.4 Prioritize those applications/systems based on sensitivity levels.

Module 3: Prepare to audit user access appropriateness

The Purpose

  • Identify your user groups in your applications/systems.
  • Understand which are your critical groups based on their overall sensitivity.
  • Prioritize applications and systems based on sensitivity to prepare for a user audit.

Key Benefits Achieved

Create a re-executable process for preparing to audit your user groups by focusing on critical applications/systems first.

Activities: Outputs:
3.1 Identify your top five applications/systems to work on first.
  • 3. Prioritized list of your critical applications/systems to audit first in Module 3.
3.2 Identify the user groups and the owner of that application/system.
3.3 Establish the sensitivity level of that application/system and the user groups in preparation for an audit.
3.4 Prioritize those applications/systems based on sensitivity levels.

Module 4: Identify current identity management practices

The Purpose

  • To identify what your organization is currently doing well.
  • To determine gaps in your current processes, policies, and technologies.

Key Benefits Achieved

  • Finding ways to optimize what your organization currently implements.
  • Identifying where improvements can be made to increase efficiency and cost savings.

Activities: Outputs:
4.1 Identify current technologies, policies, and processes currently in place with IAM Controls Analysis Tool.
  • IAM Controls Analysis Tool
4.2 Perform gap analysis with the IAM Controls Analysis Tool.
4.3 Optimize what you currently have in place.

Module 5: Create implementation roadmap

The Purpose

  • Identify the top 10 controls your organization should pursue to close the gaps in your identity management processes.

Key Benefits Achieved

  • Instead of doing too much all at once, this module uses your data to create a customized and prioritized list of controls that address the gaps in your identity management strategy.

Activities: Outputs:
5.1 Identify your top 10 controls to apply to your identity management strategy with the IAM Controls Analysis Tool.
  • IAM Controls Analysis Tool
  • Identity and Access Management Policy
5.2 Understand what each user group requires in terms of identity management controls.
5.3 Develop an Identity and Access Management Policy.

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now
GET HELP Contact Us
×
VL Methodology