Assignment NOT Access Management Software

Assignment NOT Access Management Software

Access management software growth.

It’s time for the IT and Information Security industries to start thinking in broader business terms when it comes to identity and access management software. “Identities” in businesses today require so much more than just security and IT-related resources, so why should enterprise-class solutions only focus on Access? What is truly needed is an i identity and assignment management solution that provides all the features of requesting, approving, tracking and granting assignments.

The concept of assignment management has existed in one form or another as long as companies have had employees. Simple example: A medieval blacksmith shop in England hires a new blacksmith, and they need to “onboard” the new hire. The new blacksmith is provided the following upon starting the new position:

‐ Scroll detailing the rules of the shop needing signature (an X) — Policy

‐ 2 hammers — Asset

‐ 1 rasp — Asset

‐ 2 files — Asset

‐ 1 pincer — Asset

After a probation period, the blacksmith is then granted one more item:

‐ Key to the building — Access

And the blacksmith himself puts in a request to receive another item:

‐ 1 chisel — Asset

All of these items are assignments, and every worker today has a number of different resources assigned to them throughout their employment. Assets and access are typical assignments, but assignments can also take the form of task-based responsibilities such as signing a policy within 30 days of employment or completing a training program.

Since organizations are spending millions of dollars on traditional identity management solutions, doesn’t it make sense to have a business mindset to solve broader “assignment” issues at the same time as general access issues? An IT-only view of the assignment challenge is limiting and only solves a small piece of the broader identity puzzle.

Enterprise risk management must include the needs of business units in order to deploy a holistic assignment management solution that provides actionable service catalog capabilities along with asset and access management software workflow capabilities. Better yet, it would be great if key business leaders initiate the teaming effort with IT to solve overall organizational challenges with assignments in order to produce a more efficient risk management solution that has full management control of all identity assignments. The increased automation from this type of solution would speed employee productivity and free resources to perform more value-added work.

Traditionally, IT has taken the lead in identity and access management software implementations because most solutions are solely influenced by identity and access management cyber security software capabilities. Implementing IT-specific solutions that only solve one piece of the assignment challenge (access) is antiquated thinking that needs to stop. Implementing an identity and assignment management solution however, can solve a much broader set of challenges. Also, joint funding from business units and IT can help justify the cause to undertake this type of project, which has often received push back when only initiated by IT.

If both business value and IT operational value can be realized by implementing a true assignment management solution, the chance of receiving support is much higher. Leveraging this type of identity and access governance will also open up new ideas for how other aspects of assignments and approval-based tasks are implemented throughout the organization.

Therefore, let’s drop the IT-mindset and start thinking like business leaders when it comes to IAM initiatives.  Identity management solutions that do not address all aspects of assignment management are old-school. CISOs and CIOs who propose solving all organizational identity issues along with IT access issues will definitely garner more support than those seeking only to improve their own internal security challenges.  The future is now!

Follow Ryan Ward, Avatier Chief Innovation Officer and Chief Information Security Officer, on Twitter at https://twitter.com/ryawarr

Watch the Avatier Identity Analyzer Product Introduction video:

BP_identity-management Get a Free Copy of the Top 10 Identity Management Best Practices Workbook

Begin your identity management initiative by following what corporate compliance experts recommend for the workflow automation of businesses processes, self-service administration and IT operations.

Request the Workbook

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts.

Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).