Information Technology Reference
In-Depth Information
First Things First - Objectives of Identity and Access
Management
Before we get all excited and dive into the details of our solution, it's
critically important to understand why you may need an IAM solution in the
first place. Far too many organisations jump into the product procurement
activity without a clear understanding of what they intend to achieve from
implementing IAM. The term “Single Sign-On” is often used synonymously
with IAM, but while this is readily understandable to end-users, it's only a
nice-to-have in the larger scheme of things, and the business case simply
doesn't stack up when that is the only planned benefit. Fortunately, it so
happens that IAM is about a lot more than Single Sign-On.
Put simply, the drivers for IAM usually revolve around three considerations -
Risk & Compliance, Cost Reduction and Convenience. Typical objectives, in
descending order of importance, are:
I Risk & Compliance
1.
To secure information assets and restrict their access only to legitimate
users through authentication and authorisation, and to protect against
business, legal and reputation risk arising from inappropriate access
2.
To ensure compliance with enterprise security policy across all
applications and information assets (e.g., through password policies,
role-based access control, etc.) and meet internal and external audit
requirements
3.
To ensure accountability through role-based access, approval processes
and audit trails of relevant user activity (e.g., logins, failed logins,
application accesses, etc.)
II Cost Reduction
1.
To reduce the effort (i.e., support staff headcount) involved in manual
provisioning,
de-provisioning
and
user
management,
through
automation and self-service, especially with increasing volumes
2.
To eliminate or reduce the cost of errors, delays and inefficiencies
arising from manual processes and other elements of waste (e.g.,
orphan accounts, unused storage, etc.)
 
Search WWH ::




Custom Search