In today’s fast paced business world, users’ applications and systems needs can shift quickly. Imagine the marketing team has just purchased licenses for a new tool to track mentions of your company. Or the CRM system you use has added new capabilities that now make it valuable – even critical – for your product management team. Maybe the sales support and operations staff has moved into the marketing department and needs access to new applications. Identity-based provisioning was created more than a decade ago to automate and streamline the process for granting and revoking access to systems when employees join or leave the company – but these situations pose a different challenge.
The common thread for all of the above situations is their lack of commonality. That is, these types of situations happen frequently, but the underlying details are unique to each organization and, perhaps more frustratingly – they can’t be planned for. If you’re in IT operations or security, addressing these “known unknowns” is time consuming, costly and if not managed properly, can put the business at risk for dangerous breaches and compliance violations.
How do you create and enforce access control policies that address business situations you are not able to anticipate?
The Risk of Known Unknowns
Unplanned help desk requests to access and use applications can put an incredible strain on IT departments. First, because these requests cannot be planned, they fall outside of traditional provisioning processes which means they often have to be handled manually. Second, even though IT is responsible for the overall security of the organization – which includes controlling access to all corporate resources – IT may not be the designated owner or steward of the applications. In the example above, the marketing team most likely manages the procurement, management and license allocation for the application. This puts the onus on IT to ensure the marketing team adheres to corporate policy when it comes to provisioning access to these applications.
For users (and the business), that strain translates into longer wait times to access business systems that are essential for daily work. This can create frustration for all those involved and cuts into productivity. In turn, frustrated users are more likely to work around IT and break security policies. These employees (presumably) aren’t trying to intentionally put the business at risk; employees are simply trying to get their jobs done as quickly and painlessly as possible. However, uncontrolled access to corporate resources can threaten the integrity of the business, as well as violate compliance regulations. This risk potentially negates any benefit of having a security policy in place.
Extend your Provisioning Policies with Access Request
As highlighted above, identity-based provisioning can solve a solid majority of the IT and security operations challenges involved with connecting the right users to the right applications. The addition of user profiles and role classification capabilities further enhances security and control to access policies. However, gaps still remain. This is where specific access request policies and capabilities come into play.
Leveraging the Cloud for Access Request
IdentityNow Access Request extends your provisioning policies beyond traditional onboarding and offboarding processes and role-based access, to address unplanned requests. This helps IT in a number of ways:
Increased Productivity and Reduced Workload:
The IdentityNow Access Request service empowers IT to automate the process of granting or denying unplanned access requests based on a set of easy to create policies. Further, these policies allow IT to delegate responsibility of granting or denying these requests to the system owners who are likely more familiar with the application and its uses. This speeds the time it takes for users to access the applications they need. It also removes the burden on IT, which means they can be more responsive to other user needs.
Improved Security and Compliance:
Creating policies for unplanned access requests help IT protect the integrity of the business by closing the risk vulnerability gap left by solely relying on provisioning. Further, delegating access request approvals to those most familiar with the application reduces insider misuse and noncompliance, which are the greatest risks posed by excess provisioning. Finally, by making it easier and faster for users to get access to the resources they need within policy, users are less likely to use noncompliant and rogue workarounds.
Encourage Innovation in Workplace
With IdentityNow Access Request, IT and security teams can establish a secure, cloud-based self-service platform for requesting and approving access to resources users need to do their jobs. For users, this means quickly accessing new and different applications that allow them to work smarter. For IT, a workload devoid of tedious tasks such as granting or denying access approvals frees up time to focus on more strategic projects.
Focus on Your Business with Cloud-Based Access Request
Security, compliance and efficiency are all incredibly important and often drive the decision for IT to purchase solutions for their most pressing issues. Identity-based provisioning is no exception. Thanks to IdentityNow Access Request, IT and security staff can enhance their provisioning capabilities, empowering IT and security operations staff to focus on the identity program – not worrying about managing or updating the solution. This means they can focus on creating policies that make compliance easier to demonstrate. Focus on securing all of the potential vulnerable areas within the corporate network. Focus on keeping the business focused on its business.
Find out how SailPoint can help your organization.