Simplify Identity and Access Management

Leverage risk- and role-based access control to quantify and simplify the IAM process.

Onsite Workshop

Implementing role-based access control (RBAC) is a time- and resource-consuming project, but without it, identity and access management (IAM) practices tend to be chaotic and full of entitlement sprawl.

  • Organizations have watched their systems become more entangled as more processes are moved to the cloud and more security threats present themselves.
  • Auditing a long list of users is a tedious task that nobody wants to do. Unclassified data exacerbates the problem.
  • Treating users on a user-by-user basis is not sustainable, and leads to users acquiring or retaining access they do not need to do their job. This violation of the principle of least privilege can result in an organization becoming non-compliant with some of today’s enforced regulations.

Having an RBAC model in place will free up the IT team’s time to focus on other methods of protecting the organization:

  • An RBAC model is a centralized, effective, and efficient system for managing identity and access.
  • Info-Tech can assist organizations with creating a repeatable, simplified auditing process for the RBAC model in order to minimize entitlement sprawl.
  • This research will educate readers on selecting and implementing IAM vendors and will assist in producing vendor RFPs and shortlisting vendors. This helps ensure that selected vendor solutions offer the capabilities required by the organization (e.g. multi-factor authentication) based on business goals, compliance, and other gaps, and that they offer integration functionality with the different cloud vendors (e.g. SaaS) used by the organization.

Module 1: Complete Level Setting

The Purpose

  • Create the foundations for implementing a more robust method for managing identity and access within the organization.

Key Benefits Achieved

  • Insight into how to best clean up the current user directory
  • An understanding of the misuse impact of the permissions given to users

Activities: Outputs:
1.1 Define the goals of identity and access management (IAM).
  • Defined goals for IAM
1.2 Classify application functions.
  • Data classification scheme for applications
1.3 Identify the misuse impact of each permission.
  • Foundation for using risk to justify future access assignment decisions
1.4 Discuss role-based access control (RBAC) methodology.

Module 2: Create the RBAC Model

The Purpose

  • Develop a documented and formalized RBAC model.

Key Benefits Achieved

  • A more robust method for managing IAM
  • Documented access matrix for future reference

Activities: Outputs:
2.1 Identify the best approach for creating roles.
  • A plan for implementing a role engineering exercise
2.2 Define cardinal constraints through discussion.
  • Documented role constraints
2.3 Identify mutually exclusive pairs of roles with an affinity map.
  • Documented role constraints
2.4 Assign users to roles.
  • Repository for permission-role and user-role assignments

Module 3: Analyze the Results

The Purpose

  • Identify risk-aware metrics for measuring the effectiveness of the RBAC model over time.
  • Build a maintenance schedule.

Key Benefits Achieved

  • The development of risk-aware metrics allows for the measurement of the effectiveness of the RBAC model over time
  • A plan for completing and implementing the RBAC model

Activities: Outputs:
3.1 Discuss the risk evaluations of roles and users.
  • Risk-aware metrics
3.2 Define risk threshold for users.
  • Risk-aware metrics
3.3 Set targets for metrics through a group discussion.
  • Risk-aware metrics
3.4 Discuss an exception-handling process.
  • Maintenance plan
3.5 Build a maintenance schedule through group discussion.
  • Maintenance plan

Module 4: Plan for the Transition

The Purpose

  • Outline best practices for selecting and implementing an IAM solution from a vendor.

Key Benefits Achieved

  • A plan for contacting vendors and assessing their solutions against business requirements and goals

Activities: Outputs:
4.1 Determine your target IAM framework.
4.2 Identify alignment with use cases.
4.3 Prioritize your solution requirements based on your business, architecture, and performance needs.
4.4 Create an RFP to submit to vendors.
4.5 Identify the resourcing plan for your IAM implementation.
  • IAM vendor procurement plan
4.6 Determine start times and accountability with a RACI chart.
  • IAM RACI chart
4.7 Finalize IAM roadmap and action plan.
  • IAM roadmap and action plan

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
