The 3 Pillars of Identity Management
A briefing on implementing a strategic identity management vision
With so many products on the
market from so many different vendors, simplifying the idea
of identity & access management is a key starting point to
helping IT executives understand how to bring their identity
management vision to life.
"When building customer or partner portals, firms
should combine LDAP directories with identity
management...but implementing these products alone is
difficult."
Source: Forrester Research,
“Identity Management Splits, Users Gain Clarity”
"Proper filtering and correlation reduces false
positives, which will allow improved monitoring of entire
networks."
Source: Current Analysis,
"Competing Effectively in the Information Security Market"
If you ask any IT executive or vendor what the most
important pieces of the identity management puzzle are,
you'll likely get different answers from nearly all of them.
In large part, this is because the depth of functionality
included with many enterprise identity-related products is
overwhelming. The goal of this briefing is to outline, in
their most basic form, the primary components of an
effective identity & access management strategy. It's an
effort to simplify a very complex topic.
IDENTITY MANAGEMENT’S CORE VALUE PROPOSITIONS
Identity management has many value propositions and business
drivers. Some of the most popular include:
1. Reduced Password Reset Calls To The Help Desk
Depending on who you ask, between 30% and 40% of all calls to
the Help Desk are related to password resets. An effective
identity & access management strategy has proven to reduce
this burden by as much as 90% in some cases. For example, if
10,000 employees were to call the Help Desk twice per year
to have their passwords reset, a 90% call reduction would
equate to roughly $630,000 in cost savings over 12 months.
Password management is one area that will significantly
impact the scalability of your identity architecture and
should therefore be evaluated early on in the planning
process. This area will also be your shortest route to an
immediate Return on Investment (ROI).
2. Automated Account and Access Provisioning/De-Provisioning
New users, account terminations, and changes to resource
access assignments represent a significant burden on System
Administrators responsible for user account and access
maintenance. If this function is not automated (by Role or
otherwise), the time spent on provisioning and/or
de-provisioning users and their appropriate levels of access
to various resources can be extremely costly. While this
area may not immediately return its implementation
investment, implementing the function to (a) dynamically
assign access to resources based on a user's defined role
(i.e. Role Based Access Control, or RBAC) and to (b)
automatically create or terminate user accounts, will
represent a very healthy long-term benefit. It's important
to note that in terms of your identity architecture's
ability to scale, user provisioning/de-provisioning is not
particularly taxing and therefore the identity architecture
should not be built around this function. A better issue to
tackle early on would be password management (see previous
point).
3. Monitoring Compliance Using Security Event Auditing and Correlation
Consistently monitoring internal compliance with
industry/government regulations (PCI and HIPAA to name a
couple of important ones) and corporate security policies is
a time-consuming proposition. Many organizations do this
sporadically, but "consistently" is the key word in this
case. You can define all the policies you want, but in the
end, if you can't make sense of security-related events that
are happening enterprise-wide, the policies are in danger of
proving useless. This area represents a potential long-term
gain in terms of ROI and should be an integral piece of any
effective identity-related strategy.
4. Increased User Productivity Using Single Sign-On and Federation
An IBM patent filing in Europe quoted a study which claimed
that on average, a user spends 11 hours per year simply
logging into regularly used applications and that by
implementing single sign-on functionality, an organization
could reduce this time by over 35%, or 4 hours. If you
multiply that by 10,000 users, this equates to a
productivity savings of 40,000 hours (more than 19 full-time
employees) per year. The math adds up quickly.
Taking the aforementioned value propositions into
consideration, we want to answer the question, "What
components of an identity management strategy does an IT
executive need in order to take advantage of these
benefits?"
AUTHOR
Shawn Torkelson, Synapse SE
Managing Director