My expertise is Identity and Access Management: the ability to take technology and mold it to the business, not the other way around. If you have to change the business to meet a particular technology, then find a more flexible tool. Don’t misunderstand me, you will make changes to the business, but in the direction of optimization, efficiency improvements, and figuring out what to do with the time and money saved. If you have to change the way you approve requests, escalate, or change your gears to match a tool, that’s wrong.
I could speak for weeks on Identity Management and could go on for a few more. But I wanted to tell a textbook story of realizing what Identity Management truly means to an enterprise.
My current position does not directly involve the Identity Management strategy or its day-to-day use, but I am in the shadows seeing the pain and suffering from its current implementation. For a long, long time I have been asking around about the strategy of IdM and where it’s going. For at least a year, all I have heard about is the “massive” automated provisioning project. We will have automated provisioning, automated provisioning will make our onboarding faster, and so on.
What about the rest?
Then today there was an emergency meeting, a request for information with a required 2-hour turnaround, an audit request for something months back, and an account termination process. All 3 failed because of how long they took, yet all 3 could have been served very easily from the Identity Management System.
I had a phone call from an individual scrambling and stressing out about it and I sat back and I said this – “Take a look at the email request you have… THAT’S Identity Management.” The lightbulb finally went on. He got it. He saw the business process problems and the gap between that and the requests that were 100% IdM related.
Provisioning should be 2 weeks tops of an Identity Management project. I can write you a ‘provisioning system’. There are thousands of programs out there that provision. Whooptie Doo, congratulations, you created an account on a target database… so what? How did that account get provisioned? I am not talking about the technical creation of a username and password; what was the business criteria that put that account in the place it’s in with the access it was granted? How do you manage the lifecycle of what that account has access to: new access, old access, preventing conflicting access? How do you ensure the right people approved its use? Can you see all the touch points and DE-provision in one swipe? Can you go back to a snapshot in time and instantly see what someone had access to 6 months ago?
Most importantly, can the audit team, managers, and compliance officers easily access this information themselves, or do they have to rely on the technical services team to dig out the data for them, which takes days or weeks?
Take all the business tasks that occur around an identity and you have just realized what Identity Management is. If all you hear about is the complexities, technical challenges and other filler excuses for provisioning and nothing else… you might need to take a closer look at things.
It’s not just about provisioning, it’s how you provision and everything else that happens after that.
Is the Identity Management System a digital mirror of my business processes?
End of Line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.