Fast-growing organizations have a large group of users, including partners,
suppliers, customers and employees, with access to sensitive company
information. For such organizations, security and maintaining access control
across a wide network become a major issue. Governing access to organizational
resources helps manage security risk: it controls and monitors access to
company assets and sensitive data, and it imposes separation of duties, since
inappropriate access to critical data may result in inaccurate or fraudulent
transactions. It also helps address regulatory requirements (e.g. SOX, JSOX,
ISO 27001) and the needs of various stakeholders (e.g. users, suppliers,
owners, auditors). Organizations with a typical IT architecture are more
vulnerable to threats and fraud. Such an architecture has multiple identity
stores and administration points, redundant data synchronization and
replication, and separate user authentication for each application, which
increases the burden on IT resources and the cost of complying with regulatory
requirements. Replacing an age-old IT architecture with a new Incident and
Access Management (I&AM) architecture provides solutions such as Active
Directory, Single Sign-on, Security Tokens, and many more products. The I&AM
architecture provides a single, integrated framework that automates the
management of user identities inside and outside the organization. It provides
a single identity store and administration point, reduced replication and
synchronization of data, single sign-on and the ability to present multiple
data views.
I&AM solutions provide a secure framework that allows an organization to
leverage its IT assets and new computing models like Software as a Service
(SaaS) and Platform as a Service (PaaS), while reducing total cost and ensuring
compliance. Organizations that impose access and identity management procedures
are able to identify and eliminate security threats in their provisioning
systems by establishing a process for accessing company assets, terminating
access immediately for those who leave the organization, continuously
monitoring access logs and practicing a good password management process.
Identity management solutions integrate various business systems in an
organization, including directories, operating platforms, network storage and
partner systems. For instance, when a new user joins the organization, his or
her identity is provisioned automatically, and his or her access permissions,
passwords and identity are synchronized across networked systems. Users do not
have to wait for days to access applications and systems and can get their jobs
done from the moment they join the organization. Governing access also helps in
monitoring the number of orphan accounts in an organization. An orphan account
is an account belonging to a user who has left the organization. Having a large
number of orphan accounts in an organization can lead to security and
compliance breaches, internal and external data breaches and identity fraud.
Many times, employees in an organization make use of orphan accounts to steal
information from the system, or to harm company assets out of revenge or simple
mischief, leading to a security breach. Keeping a check on the number of
orphaned accounts and having proper access and identity management procedures
in place to locate orphaned accounts helps in avoiding fraud. The I&AM process
helps prevent unauthorized access to systems through continuous monitoring of
privileges across the organization, and it minimizes the time and cost spent in
managing access-related risk. It provides reasonable assurance to partners and
customers by providing secure access to business-critical systems and data,
thereby increasing their productivity.
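
An added example, not part of the original article: one way to locate orphan accounts is to reconcile the account exports of each identity store against the HR roster, flagging enabled accounts whose owner has left or is unknown. The roster, account records, field names and dates below are constructed for illustration.

```python
from datetime import date

# Constructed HR roster: the authoritative record of who is employed.
HR_ROSTER = {
    "E100": {"name": "A. Rao", "left_on": None},
    "E101": {"name": "B. Shah", "left_on": date(2024, 3, 15)},
    "E102": {"name": "C. Mehta", "left_on": date(2024, 5, 1)},
}

# Constructed account exports from three separate identity stores.
ACCOUNTS = [
    {"store": "directory", "login": "arao", "owner": "E100", "enabled": True, "last_login": date(2024, 6, 1)},
    {"store": "directory", "login": "bshah", "owner": "E101", "enabled": True, "last_login": date(2024, 4, 2)},
    {"store": "erp", "login": "bshah2", "owner": "E101", "enabled": False, "last_login": date(2024, 3, 10)},
    {"store": "erp", "login": "cmehta", "owner": "E102", "enabled": True, "last_login": date(2024, 4, 20)},
    {"store": "file-share", "login": "tmpadmin", "owner": None, "enabled": True, "last_login": None},
]

def find_orphans(roster, accounts, today):
    """Return enabled accounts whose owner has left or is not in the roster."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned in this store
        person = roster.get(acct["owner"])
        if person is None:
            reason, used = "no owner in HR roster", False
        elif person["left_on"] and person["left_on"] <= today:
            reason = f"owner left on {person['left_on']}"
            # A login after the leaving date means the orphan account is in use.
            used = bool(acct["last_login"] and acct["last_login"] > person["left_on"])
        else:
            continue  # owner is a current employee
        findings.append({"store": acct["store"], "login": acct["login"],
                         "reason": reason, "used_after_departure": used})
    # Accounts used after the owner's departure are listed first for review.
    return sorted(findings, key=lambda f: not f["used_after_departure"])

if __name__ == "__main__":
    for finding in find_orphans(HR_ROSTER, ACCOUNTS, date(2024, 6, 10)):
        print(finding)
```
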
Organizations that lead in governing access gain substantial financial benefits
compared to lagging organizations, including increased user productivity,
reduced risk, improved security and compliance, and decreased total cost.
About Author:
Onkar Lalla is a Consultant and an important part of the Systems Plus Pvt. Ltd. think tank. Within Systems Plus, he actively contributes to the areas of Technology and Information Security. He can be contacted at onkar.l@spluspl.com