What Is Identity Management
View more OpenOffice presentations from kmanthey.
In the simplest terms, Identity Management is the process by which user access is assigned to technology assets (hardware, software, services, files, collections of data etc..). This process can be done manually, automated, or some combination of both.
In environments where the people and technology assets are constantly changing it’s important to have the right controls in place for ensuring that the right people have access to the right information at the right time. So... are you ready to get started? Here are some guidelines to get the ball rolling:
Develop a Business Process Driven Solution
Good Identity Management solutions are business process driven, not IT driven. Meaning, the processes for creating and maintaining identities should align with the on-boarding and off-boarding processes already in place. Or the way you want the processes to work. It should also support the full scope of "people" within your organization i.e. employees, temporary workers, customers, business partners. Different types may require different processes. A well thought through IdM process considers how the following will be executed:
1. Identity creation and maintenance – the creation and assignment of an identity entity to an actual person.
2. Access Request – the information required to determine the access to grant an identity
3. Approvals –those required to approve requests for access to information
4. Provisioning – the actual granting of access to the identity
5. Certification - the periodic review and validation of access granted to an identity
Identify Your Data Sources
The only way to protect the information is to know where the information resides. Identify the critical information, determine ownership, and begin the process of cleaning the data. Start with the highest risk areas first to manage scope. It’s easier said than done but it’s a critical first step.
Secure the Right Support
Identity Management has to be a strategic priority to be successful. It’s going to require funding, at some point, and people’s time – outside their normal day-to-day responsibilities - to make IdM successful. You can’t get buy-in for something that’s not well understood. Educate people on what IdM is and speak in terms that are meaningful to them. How will this make their job easier? How will it make them get from point A to B faster? Don’t expect people to make the leap on their own to connect all the dots. Make sure executives and management understand the benefits and what’s involved. Give them the information they need to evangelize the solution.
Create an Oversight Function
IdM is not something that get's implemented and hums on it's own. Like most processes it takes care and feeding. It takes someone focusing on the big picture and periodically assessing how well all of subprocesses are working together and when changes are needed. This function maintains the requirements of the IdM solution and see that the solution evolves with the needs of the business.
Develop an Onboarding Process
Consider how you handle bringing new access permissions and applications into the process on an on-going basis. Define the work required to on-board a new application and the resources required to make it happen.
Evaluate Automation Tools
Based on the needs of your organization, consider the technologies that exisit to automate the access request process and automate the provisioning of access. Or is a custom built solution more fitting? More to come in a future blog on the IdM vendor landscape, how to pick the right tool, and determining buy vs. build.
Identity Management is a growing space that has become even more important in today's regulatory environment. Review these guidelines with your organization in mind. Take what seems appropriate and adapt it to your situation.
No comments:
Post a Comment