In my last blog, about "Identity and Access Management for the Real World: The Fundamentals", I gave some pointers on front-loading your IAM project for success. Today I’d like to delve into some specifics of what you may be trying to accomplish with your IAM project, as well as some common barriers to tactical success. Finally, I'll leave you with some more ideas to help you succeed where so many others may have failed.
Today we’ll talk about access management, which is covered in Chapter 2 of the ebook series: Identity and Access Management for the Real World: Access Management.
The whole purpose of identity and access management is to grant people the access they need to do their jobs, but to do it in such a way that security and compliance are maintained. It’s a lot easier said than done. Just ask yourself a few questions:
- How long does it take for a new employee to be fully provisioned across all the systems necessary for them to do their job?
- How many separate workflows have to be followed? How many forms have to be filled out? How many separate people in IT need to get involved?
- How long does it take to reverse those processes when someone leaves the organization? And how many workflows, forms, and IT people must be involved to make that happen?
- How many passwords does your typical user have?
- How much time and money is spent simply helping users access basic stuff (such as password resets, ad-hoc access requests, etc.)?
- How does a new application (maybe an SaaS application), a new service, a new access scenario (such as BYOD), or a new user population (perhaps a partner) impact operations?
- When these things pop up, do you create new workflows, additional forms, and dump even more menial tasks on already overtaxed IT staff?
If the answer to any of these is not “one” or “it’s easy and works seamlessly with what I already have in place,” then yours is like most IT organizations. It's not a question of whether a "real world" approach to IAM can help; the issue is “where do I start?”
Here are 4 tips to help you get started:
Reduce the number of passwords - This can be done through consolidation of directories and identities and through single sign-on (SSO) technologies. Don't settle for a solution that addresses one area while leaving others untouched. The ideal SSO approach will provide for each of your diverse target systems. Here’s a short video that talks about this real-world approach to single sign-on.
Automate as much as possible - This will relieve IT of the time-consuming and error-prone burden of manually managing identities and access across diverse systems. Most IAM solutions are all about automation, but unless you implement with an eye on unification and consolidation, you could end up automating the same thing on different systems, with different tools.
Get the biggest bang for your buck - If you can get Active Directory right, pulling as much into AD as possible, you will free up lots of time and money to focus on other areas. Here’s a video about using AD as a starting point. Here’s an Active Directory management video that shows some of the ways you can use AD-specific tools to open up bandwidth for larger IAM initiatives.
Keep your eye on the prize - Never forget the goal of your IAM project: you need to ensure that everyone in your organization can get to the things they need to do their jobs, and that none of your important stuff falls into the wrong hands. Stated another way, you need governance. Don’t miss the forest for the trees by getting bogged down in the tactical problem of the day. Keep your eye on the strategic purpose that drives the whole thing.
For a more in-depth discussion of access management and the real-world approach that I’ve been talking about, download Identity and Access Management for the Real World: Access Management. And keep your eye on this space for additional insight into making your IAM project perfect for your real world.