|
How can an organization move beyond complicated and un-optimized account access approval processes that no longer scale, take too long, and require too much manual intervention? How can organizations eliminate processes that today lead to “rubber-stamping” approvals, weak security controls and very large risks of non-compliance with various regulations? There are software tools that address these problems. Software with automation components have the ability to augment existing processes with documented and regimented gates and goalposts that ensure proper approval by the correct personnel, correct rights assignment, and a speedy completion to pending requests. With the right software in place it is possible to set the correct level of centralized control while similarly enabling the decentralization of responsibility along with a quick approval timeframe. Fully realized, these components eliminate costly mistakes that can occur when manual access changes aren’t completed properly.
Let’s start with the concept of delegated user administration. In large organizations, the sheer number of business units, teams, and individual team members inhibits the ability for any one group of people to recognize the needs of everyone. Gone in large organizations are the abilities for the Help Desk alone, or in cooperation with a team of managers, to recognize the worth and validity of all rights requests as they are made.
Nearly all rights requests require some form of approval prior to assignment. So the problem lies with the complexity of the organization itself. Creating and managing spreadsheets of accesses crossed with approvers becomes operationally impossible as the organizational structure grows complicated. With fluid personnel turnover and team composition, the task of determining who reports to who can be a near impossibility without the proper automation in place. Thus, as an enterprise scales, one effective solution is to offload the responsibility for access approvals away from centralized Help Desks and to the teams themselves, with systems that also enforce consistency across the organization and centralized control of policies and processes.
Delegated user administration with centralized controls empowers the team and its managers with the capability of internally handling and resolving the need for access – but ensures consistency across the organization. In fully realized implementations, the actual granting of that access becomes a part of the approval system as well. This gives individual teams and business owners the ability to better understand, manage, and handle their own access needs, knowing they are also adhering to organizational policies and regulations. It also alleviates centralized Help Desks from the onerous task of tracking the “right” people and the “right” systems to provide the “right” access.
The enabling force behind delegated user administration is a solid workflow engine that handles and enforces corporate policy, team policy, and the policies of application and system security within a secured, transactional interface. That interface, accessible from the desktops of teams and business units everywhere within the computing environment, delegates the responsibilities for user administration. Its stringent workflow improves the speed of assigning access while at the same time ensuring that accesses are being granted appropriately using the proper approval channels.
Automation components exist that provide the correct level of control over these processes. Lacking those components adds an administrative cost to the organization. By doing nothing to automate the workflow of and delegate the responsibility for user access, the enterprise is exposed to a set of liabilities that impact its efficiency, agility, and security:
- Efficiency—Lacking automation systems and forcing centralization of user account control unnecessarily overburdens Help Desk assets with costly requests. This pulls technical talent away from the task of solving IT problems and relegates them to administrative workers tracking accesses and approvers.
- Agility—With centralization in place, as the organization grows, it becomes more unwieldy to support the needs of distributed teams, multiple business units, and systems across the business network. This incurs a cost due to an extension in the amount of time needed to fulfill access requests, reducing employees’ timely ability to get their jobs done.
- Security—Using manual systems for access control such as paper-based forms or overthe- phone requests, there is a greater capability on the part of disgruntled employees to game the system to their own ends. The element of human error also adds the potential for inappropriate access assignment.
|
