|
Keeping pace with the management of identity information and user access is an ongoing challenge. One source is the explosion in the number of users of various types — employees, partners, contractors and customers. Each of these users, in turn, requires specific accounts and access privileges. Managing these identities, often across multiple IT systems and approval processes, must account for when the user’s identity is first known to the organization, continuous modification and eventual removal of identities or privileges. The net result is a state of growing complexity for the enterprise in trying to meet their users’ needs. Organizations have implemented various processes to keep up with the barrage of access requests and volume of changing identity information. Unfortunately, most of these current “solutions” amount to poorly coordinated, manual processes. The result is too often a fragmented or siloed approach to managing access rights that exposes enterprises to higher costs and risks. This inconsistency also negatively impacts the user, as inefficient processes have downstream effects on user satisfaction, productivity and effectiveness.
Further complicating this picture is the fact that most organizations must secure user identity information, protect sensitive system data and prove their compliance with security regulations. This begins by maintaining all access privileges commensurate with users’ specific roles and responsibilities and terminating that access when necessary. Thus, enterprises need to build in assurances that individuals can use only the assets they need to do their jobs at any given point in time. No more, no less — regardless of how frequently their status might change. Unfortunately, mitigating the risk of over-privileged users and demonstrating that no one has inappropriate access rights can involve many hours of manual identity policy evaluation and analysis. This is very resource-intensive and error-prone — and even more challenging when the goal is proving that there has been no inappropriate access over a period of time. In response, organizations are looking to be more proactive by implementing consistent, predictable identity processes, auditing them and then refining them as necessary.
Balancing the Needs for Efficiency and Security
The traditional security management challenge is in successfully implementing additional access controls without impeding business productivity. Granting users with greater access than necessary is often the default to ensure the user has immediate access in the event they need privileges outside their typical profile, but this also increases the organization’s risk profile. Depending on the organization, the rigor of security checks and balances often takes on greater or lesser importance relative to ensuring a seamless user experience.
By contrast, when it comes to managing the lifecycle of identities, business efficiency and security are actually complementary elements. The challenge is really one of automating identity-related processes in a cost-effective manner and then deriving the greatest return possible from your investment. How do you introduce efficiency into the identity manage ment lifecycle process with a focus on information protection and an enormous volume of users with frequently changing organizational roles and responsibilities?
With thousands or millions of users, maintaining accurate access privileges on an individualby- individual basis would be a nearly impossible task. Beyond granting appropriate access, the organization must also track who authorized that access, when it was granted and proactively certify and remediate user access on a continual basis to meet compliance objectives. The key is in building a strong role-based foundation for identity management and leveraging those combined investments to help address business and compliance goals.
CA’s Modular, but Integrated Approach
CA’s approach to identity lifecycle management involves a set of three related products that together, provide a comprehensive approach to the management of user identities throughout their lifecycles. With the option to implement each individually on a standalone basis, they provide the flexibility to incrementally deploy solutions at your organization’s pace — starting in the areas where you have the most significant need. At the same time, each solution integrates with the others to provide exponential value in a combined solution. This way, you can show immediate gains and position yourself for future growth and additional advantages. With the right foundation firmly in place, you can:
- Create synergies for greater effectiveness and cost efficiency
- Ensure economies of scale with predictable and automated processes
- Deliver higher levels of consistency and quality throughout the identity lifecycle
- Ensure user satisfaction, while enhancing identity-based security
- Create a platform to enable compliance and achieve real business benefits
|
