In today’s highly distributed IT world, where organizations must secure a complex web of on-premises and SaaS applications and structured and unstructured data, it’s becoming increasingly difficult to manage users’ access. Employees today routinely work away from the office, and need applications to easily communicate and transfer information across countries and even continents. Investing in an identity and access management solution can certainly help manage and govern this access, empowering both IT and employees, but not all IAM solutions are created equal.
In our 10 years in the industry helping our customers harness the power of identity, we’ve identified five fundamental principles that can help guide the selection and implementation of identity governance.
- Think Identity, not User Account: In the early days of IAM, it was enough to look at a single user account in isolation as part of automating basic provisioning processes. The rapid escalation of internal and external threats now requires a more holistic approach whereby organizations look at the entire identity, including all of their accounts and entitlements.
- Manage Access to All Apps and Data Together: Mainstays systems such as SAP, Oracle and RACF aren’t going anywhere anytime soon, but newcomers like Office 365, Dropbox and Salesforce need to be managed in the same way when it comes to user access. In addition, you need to be thinking outside of the traditional, structured systems to the primary repositories of unstructured data in the organization – file shares, collaboration portals and cloud storage systems.
- Full Lifecycle Governance is Required: Automating onboarding is extremely helpful, but users don’t just enter an organization. They also move among departments, gain ad hoc access for special projects, leave, re-join, etc. In order to manage risk, organizations must govern the entire user access lifecycle, not just part of it.
- Consistently Apply Identity Controls: Adding onto the previous point, just as you need to manage the full lifecycle of a user, so too must you be consistent with how your identity and access management controls are structured. Whether its regularly reviewing user access across sensitive applications and data segregation-of-duty policy analysis, you should be reviewing all identities and their access to all applications and data. It only takes one misplaced account to open the door to a breach.
- User Experience is Everything: Gone are the days where users will put up with a poor user experience. If your team can’t figure out how to use or is regularly frustrated from using your IAM solution, your project is as good as dead. They will actively avoid using it, leading to significant risks as the work around the process. By leveraging an IAM solution which is build on modern UI technologies, you can deliver your business users a great experience, on any device.
Of course there are more considerations you must make when choosing a new Identity Management solution to empower your workforce, but if you don’t start with these five fundamentals, you may be looking for yet another Identity Management solution before long.