Trial lock

This Research is for Members Only

Not a member? Unlock a free sample of our research now!

Already a member?

Sign in now

Security icon

Build an Identity Security Services Plan

Secure your weakest links: your users.

Unlock a Free Sample

View Storyboard

Solution Set Storyboard Thumbnail

Contributors

  • Wesfarmers Insurance
  • Learning Care Group
  • Towson University

Your Challenge

  • Organizations often leave identity management projects on hold, choosing instead to focus their attention on perimeter-related security and outward threats.
  • Users can be an organization’s weakest link and should be addressed with the same rigor as the perimeter. A disgruntled employee who is fired but retains access because of negligent processes can cause problems for an organization.
  • Lack of identity management processes can also create unnecessary help desk costs in relation to provisioning/deprovisioning cycles and password resets.

Our Advice

Critical Insight

  • Help desk costs can be drastically reduced by exploring streamlined and efficient password reset techniques like self-service.
  • Automating provisioning/deprovisioning cycle times through software batch processes also saves time and costs.
  • Auditing your users’ access does not have to be overwhelming. Implement a process where you focus on your critical applications and the sensitive user groups within them first, instead of trying to tackle the big picture, to make the task efficient and manageable.

Impact and Result

  • Prepare to audit your users’ access and maximize your team’s time and effort by focusing on critical applications and systems.
  • Optimize your current processes by picking your top ten areas to improve rather than taking everything on at once.
  • Identity management processes are not impossible to maintain. Getting in front of managing your users’ IDs will make the process easier in the future.

Research & Tools

1. Identify users & access

Audit the appropriateness of their access levels.

2. Prepare to audit user access

Audit users regularly, not just when problems occur.

3. Identify current identity management practices

Inventory and assess current processes.

4. Create an implementation roadmap

Prioritize solutions instead of taking on too much at once.

Guided Implementations

This guided implementation is a four call advisory process.

Call #1 - Determine application sensitivity and key user and data groups

Provide information (spreadsheets, etc.) about your top five applications with access information on the four user groups (remote, internal, privileged – internal, and external). Identify critical user groups and prioritize.

Call #2 - Prepare for user access appropriateness assessment

Using the prioritized list from GI-1, analysts will walk you through the User Access Appropriateness Assessment Checklist using one of your top data/systems. The analyst will discuss what you need to be aware of as you assess the access levels of your users.

Call #3 - Assess current process and identify gaps

Using the IAM Controls Analysis Tool – work through your top applications/systems, and record current state information into the tool.

Call #4 - Create identity management implementation roadmap

Once the top data systems current state information is recorded in the tool, analysts will walk the client through the resulting dashboard results, ending with the Prioritization Roadmap. The Roadmap will document the top ten controls your organization needs to implement based on your data.