- Wesfarmers Insurance
- Learning Care Group
- Towson University
- Organizations often leave identity management projects on hold, choosing instead to focus their attention on perimeter-related security and outward threats.
- Users can be an organization’s weakest link and should be addressed with the same rigor as the perimeter. A disgruntled employee who is fired but retains access because of negligent processes can cause problems for an organization.
- Lack of identity management processes can also create unnecessary help desk costs in relation to provisioning/deprovisioning cycles and password resets.
- Help desk costs can be drastically reduced by exploring streamlined and efficient password reset techniques like self-service.
- Automating provisioning/deprovisioning cycle times through software batch processes also saves time and costs.
- Auditing your users’ access does not have to be overwhelming. Implement a process where you focus on your critical applications and the sensitive user groups within them first, instead of trying to tackle the big picture, to make the task efficient and manageable.
Impact and Result
- Prepare to audit your users’ access and maximize your team’s time and effort by focusing on critical applications and systems.
- Optimize your current processes by picking your top ten areas to improve rather than taking everything on at once.
- Identity management processes are not impossible to maintain. Getting in front of managing your users’ IDs will make the process easier in the future.
This guided implementation is a four call advisory process.
Call #1 - Determine application sensitivity and key user and data groups
Provide information (spreadsheets, etc.) about your top five applications with access information on the four user groups (remote, internal, privileged – internal, and external). Identify critical user groups and prioritize.
Call #2 - Prepare for user access appropriateness assessment
Using the prioritized list from GI-1, analysts will walk you through the User Access Appropriateness Assessment Checklist using one of your top data/systems. The analyst will discuss what you need to be aware of as you assess the access levels of your users.
Call #3 - Assess current process and identify gaps
Using the IAM Controls Analysis Tool – work through your top applications/systems, and record current state information into the tool.
Call #4 - Create identity management implementation roadmap
Once the top data systems current state information is recorded in the tool, analysts will walk the client through the resulting dashboard results, ending with the Prioritization Roadmap. The Roadmap will document the top ten controls your organization needs to implement based on your data.