For a considerable period of time, identity management solutions were technology-focused implementations geared towards automating user access management processes. Unfortunately, in practice businesses grew increasingly despondent about the perceived lack of business value being derived from deployed identity and access management solutions. The shortfall in derived business value can primarily be attributed to:
The massive integration undertaking required, involving expensive skills and expensive technology, when integrating all IT systems in a company with an identity management service.
Data quality from feeder systems, usually human resources systems, that drive automated user access management processes is often very poor. Employee records are either so lacking in detail or the existing details are so ambiguous that it is often impossible to derive usable provisioning and access management data for business systems integration.
The line of business demands involvement in user access management processes, such as reviewing who has what access.
With the immediate pressures of legislative compliance, IT executives are looking more closely at identity management solutions to provide their organisations with a set of easy-to-use processes that will allow line of business to manage access to IT resources themselves.
Provisioning of access no longer needs to be fully automated. Organisations can combine direct automated provisioning of accounts and access, through integration with their directory services, with a manual process in which tickets are submitted to an IT service desk for account access assignment to other systems.
This hybrid approach allows for a shortened identity management service implementation time. Thereafter all IT systems can be configured with a single set of processes used throughout the organisation for requesting access, approving access and reviewing access to IT resources. In some cases provisioning can initially take place through a service desk, but then can be moved over time to an automated provisioning integration when the need arises.
Many best practices (King III, COBIT, etc.) and legislation (Sarbanes-Oxley, POPI, etc.) require that identities and their applicable access be managed. These requirements promote storing access requests, approvals of those requests and assignments of access electronically, so that they can be easily reported on. With this data electronically recorded, it is possible to review access assignments frequently, allowing line of business to ensure that their direct reports always have the right access, while never allowing access to accrue beyond that necessary for their job role.
When the core of an identity management system is focused upon the achievement of these access governance goals, it is simple to motivate such a solution to a business audience. More importantly, it is also easier to show business a quick return on investment. Identity management in the future will focus on ensuring continuous compliance. As identity information changes, for example an employee’s job title, the access must immediately be reviewed by the line manager, ensuring that there is no prolonged period during which the organisation is exposed to risk.
For more information contact Ubusha Technologies, +27 (0)82 882 0351, [email protected]
© Technews Publishing (Pty) Ltd. | All Rights Reserved.