It has been my experience most successful cyber security measures and platforms are those run "in the background"; applications so seamlessly integrated into the overall system the only time a user notices them is when he or she is entering login information. Even then, most users give nary a notice because the task of logging in and enacting the applicable Identity and Access Management (IAM) protocols eventually become routine and reach the point of going all but unnoticed.
But the business benefits of identity intelligence go well beyond making it unobtrusive. As the Arctec Group’s Gunnar Peterson recently pointed out in an article in Dark Reading, the importance of identity integration is paramount to a successful IAM system. He says:
"…the standards and products that support [IAM measures] are not enough by themselves; if they cannot integrate to your application then we are left with yet another silo or worse yet — shelfware."
Strangely enough, in spite of this, Peterson notes companies continue to ignore the importance of integrating identity intelligence protocols, IAM standards, and audit controls.
It’s a shame because the benefits of managing integrated identity intelligence are numerous. Here are a few examples:
- Reduces Costs: Simplified deployment methodology and maintenance combined with user self-service provisioning dramatically reduces the cost of identity management operations.
- Increases Business Efficiency: Self-service password reset and request processes with automated workflows streamline provisioning and free IT resources for higher-value tasks.
- Enhances Information Access: Employee access to critical information is accelerated via self-service selection and automated execution of approvals, user provisioning, and group management.
- Facilitates Security Compliance & Governance: Approval workflow and separation of duties ensure privileges are granted according to corporate policies, rule based group management, and external regulations such as SOX, GLB, HIPAA, etc. Comprehensive logging, alerting and reporting (scheduled and upon request) provide required audit controls.
- Identifies Resources: Hierarchical representation of available resources simplifies user navigation and provides a visual model of approval relationships.
- Allows for Hybrid Roles: Combine enterprise roles with individual assets and privileges in a flexible model that can be maintained by business or IT managers as the organization evolves.
- Updates Changes Seamlessly: Identity-optimized workflow is dynamically generated (no programming required) based on the Hierarchical Business Service Repository and organizational structure. Workflow is automatically updated with changes to the repository.
- Applies Conflict Rules Automatically: Applies pre-configured and user-defined conflict rules to ensure privileges conform to regulatory and internal standards. Approved exceptions are captured for audit review.
- Automates Logging and Reporting: All transactions are logged to provide a complete audit trail. Real-time and scheduled reports are available to support operations, management and auditing.
With a list like that, it is inexplicable why any company would ignore the importance of integration for its identity and access management system. Because of its ability to increase efficiencies of security measures, identity intelligence and access certification integration will surely be a reason for celebration while a lack of it will yield only condemnation.
Watch Ryan Ward, Chief Innovation Officer at Avatier, describe how to return identity and access management to the business user with Avatier’s Identity Access Management software.
Learn the role IT automation and business driven self-service administration play in creating lean operations. KuppingerCole’s Assignment Management — Think Beyond Access describes the shift in IT operations from tightly controlled identity management processes to workflow enabled administration.