Simplify Identity and Access Management
Leverage risk- and role-based access control to quantify and simplify the IAM process.
RETIRED CONTENT
Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Implementing role-based access control (RBAC) is a time- and resource-consuming project, but without it, identity and access management (IAM) practices tend to be chaotic and full of entitlement sprawl.
- Organizations have watched their systems become more entangled as more processes are moved to the cloud and more security threats present themselves.
- Auditing a long list of users is a tedious task that nobody wants to do. Unclassified data exacerbates the problem.
- Treating users on a user-by-user basis is not sustainable, and leads to users acquiring or retaining access they do not need to do their job. This violation of the principle of least privilege can result in an organization becoming non-compliant with some of today’s enforced regulations.
Having an RBAC model in place will free up the IT team’s time to focus on other methods of protecting the organization:
- An RBAC model is a centralized, effective, and efficient system for managing identity and access.
- Info-Tech can assist organizations with creating a repeatable, simplified auditing process for the RBAC model in order to minimize entitlement sprawl.
- This research will educate readers on selecting and implementing IAM vendors and will assist in producing vendor RFPs and shortlisting vendors. This helps ensure that selected vendor solutions offer the capabilities required by the organization (e.g. multi-factor authentication) based on business goals, compliance, and other gaps, and that they offer integration functionality with the different cloud vendors (e.g. SaaS) used by the organization.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Complete Level Setting
The Purpose
- Create the foundations for implementing a more robust method for managing identity and access within the organization.
Key Benefits Achieved
- Insight into how to best clean up the current user directory
- An understanding of the misuse impact of the permissions given to users
| | Activities | Outputs |
|---|---|---|
| 1.1 | Define the goals of identity and access management (IAM). | |
| 1.2 | Classify application functions. | |
| 1.3 | Identify the misuse impact of each permission. | |
| 1.4 | Discuss role-based access control (RBAC) methodology. | |
Module 2: Create the RBAC Model
The Purpose
- Develop a documented and formalized RBAC model.
Key Benefits Achieved
- A more robust method for managing IAM
- Documented access matrix for future reference
| | Activities | Outputs |
|---|---|---|
| 2.1 | Identify the best approach for creating roles. | |
| 2.2 | Define cardinal constraints through discussion. | |
| 2.3 | Identify mutually exclusive pairs of roles with an affinity map. | |
| 2.4 | Assign users to roles. | |
Module 3: Analyze the Results
The Purpose
- Identify risk-aware metrics for measuring the effectiveness of the RBAC model over time.
- Build a maintenance schedule.
Key Benefits Achieved
- The development of risk-aware metrics allows for the measurement of the effectiveness of the RBAC model over time
- A plan for completing and implementing the RBAC model
| | Activities | Outputs |
|---|---|---|
| 3.1 | Discuss the risk evaluations of roles and users. | |
| 3.2 | Define risk threshold for users. | |
| 3.3 | Set targets for metrics through a group discussion. | |
| 3.4 | Discuss an exception-handling process. | |
| 3.5 | Build a maintenance schedule through group discussion. | |
Module 4: Plan for the Transition
The Purpose
- Outline best practices for selecting and implementing an IAM solution from a vendor.
Key Benefits Achieved
- A plan for contacting vendors and assessing their solutions against business requirements and goals
| | Activities | Outputs |
|---|---|---|
| 4.1 | Determine your target IAM framework. | |
| 4.2 | Identify alignment with use cases. | |
| 4.3 | Prioritize your solution requirements based on your business, architecture, and performance needs. | |
| 4.4 | Create an RFP to submit to vendors. | |
| 4.5 | Identify the resourcing plan for your IAM implementation. | |
| 4.6 | Determine start times and accountability with a RACI chart. | |
| 4.7 | Finalize IAM roadmap and action plan. | |