Mapping IAM Processes To The Business

  /     /     /  
Publicated : 22/11/2024   Category : security


Mapping IAM Processes To The Business


Identity and access management processes work better when they mirror business processes. Heres a look at where they align



[Excerpted from Mapping IAM Processes To The Business, a new report posted this week on Dark Readings
Identity and Access Management Tech Center
.]
The problems of managing user identities and access to sensitive data are well-known and intractable. For all but the most sophisticated organizations, the past 15 years has been about consolidating identity and access management around technologies like Microsofts Active Directory and LDAP, and about moving -- haltingly -- toward goals such as enterprise single sign-on and identity governance.
During this time, identity and access management has largely been focused on securing people and devices to traditional, perimeterized IT networks, with people identified by a user ID and password and devices by an IP address, says Bill Conner, the CEO of Entrust.
The world is changing, though. Malware is more stealthy and targeted -- able to gain a foothold on end user systems and then use (and abuse) their access to network resources to make off with sensitive data. Recognizing this, both internal and external auditors are concerned more with the ends of user access to data than with the means. They want to know who can access sensitive personal information and other regulated data, and how.
At the same time, Conner says, the rapid adoption of technologies such as virtualization and the SaaS computing model has moved the goalpost by redefining how applications and data are used and accessed. Despite this, many organizations continue to rely on ad hoc, siloed and manual processes for managing user identities and access across applications and resources.
User provisioning has historically been a long, laborious and expensive task implemented by an organizations IT group and managed through the help desk. The result, says Jason Garbis, vice president of marketing at Aveksa, was that companies would extend the central IAM platform -- traditionally supplied by vendors such as IBM/Tivoli, Oracle and CA -- out to the few mission-critical applications but would leave many unmanaged.
Add to that the complexity of todays Web-based and SaaS applications, which are often adopted by line-of-business managers without any consideration as to how to manage the new set of user accounts. Indeed, in large organizations, dozens of separate SaaS applications may be used by overlapping groups of users, with only the barest involvement of the IT group and others responsible for managing identities within the organization.
For a look at how companies are overcoming these issues and aligning their IAM processes more closely with business operations,
download the free report
.
Have a comment on this story? Please click Add a Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Mapping IAM Processes To The Business