Good identity management is essential. Security and regulatory compliance are a major factor in any kind of effective Identity Management and Access Governence solution. So why is it still so difficult for so many organizations?
Systems, systems, everywhere ...
Due to the nature of the way we do business these days our users log on to many systems. Thanks to an improved security model all of these systems have at least one kind of authentication. Companies are integrating more and more of their information systems with each other.
The requirement to combine disparate technologies (particularly as a result of mergers and acquisitions) and the added complexity of single-sign-on, multi-factor authentication and other security systems can make user account and system access a time consuming and costly endeavour for IT departments.
Is it possible to keep all of the user accounts in sync across all of the systems?
Talking of security ...
One of the keys to successful identity management is to ensure that users have the right access levels to the correct data and systems. But this raises the question "If I can manage that for my internal users, how do I manage security and access for users outside the organisation?" These could be contractors, customers or partners.
With the General Data Protection Regulation (GDPR) now in-force there is a requirement for data to be stored securely, but also to know what data is stored for each user on each system. Couple this with the requirement to have documented processes of who handles the data and what they do with it, you can start to see the absolute need for Access Governance too.
Knowing what data you hold, who has access and what you do with it will make complying with GDPR much easier.
Managing the user lifecycle is a full time job ...
You may think that it all starts when the new user walks through the door on day 1 of the new job, but it starts a long way before then. Did they email their CV to the Human Resources department and what has happened to the records of that transaction? Does that information get forwarded in some way to the IT service desk to create the accounts for the systems that the user will need access to? Where do the passwords get stored and how does the user log in first time? Are they made to change their passwords on first log-in? When the happy day comes and the user gets married how is the name change handled?
We could go on, but sense that you might already have got the idea.
Let's not get into the 'change of role', 'merger and acquisition additional users' or the sad but valid 'resource actions' of the everyday workplace.
The above points and the "always connected" nature of the modern workforce have lead to the escalating volume of user administration.
It doesn't have to be this way
<Cut Scene to the yellow brick road and Dorothy heading into the sunset with her new friends>
As Dorothy clicks her heels together for the final time and transports herself to IM & AG utopia we notice that the road has turned Orange and the sun now looks like a BCC logo.
<Meanwhile, back in the real world>
When the user has mailed their CV to the Human Resources department the person assigned to that new user opens their browser and logs in to BCC AdminTool, completes the simple form for creating a new user and then hits the send button. This propagates the user information to all the systems that the user will need, all based on pre-defined profiles. The system controllers for each system will then follow the existing procedures for authorising the new user account.
The HR representative is also able to manage user name changes, moves from one part of the company to another and import the csv list of new users from the recent acquisition. All without being an administrator or raising an IT service desk ticket.
Meanwhile a user who has forgotten their password has managed to reset it using the AdminTool's self-service portal. A temporary password has been emailed to his supervisor. A quick phone call later and he's back into the work cycle and productive again.
User management doesn't need to involve many helpdesk tickets and precious time from busy administrators.
Are we back on the road with Dorothy or is this actually possible in the real world?
Why don't you call us to find out and get a demo?
(A cast of companion characters is not required for you to enquire.)
Watch the replay of our March webinar - Identity Management made simple.
Want to learn more?