SECURITY INSIDE OUT
Most regulated information originates and concentrates in databases. Myriad end users access regulated information in databases via business applications (HR self-service, CRM, etc.). This requires centralised, consistent policy control and auditing across business applications from any vendor.
End users copy information beyond databases and applications, generally in the form of documents (e.g. sensitive reports). These copies proliferate hugely in number and location (e.g. to unmanaged servers, web sites, and corporate and home computers, inside and outside the firewall). Identity management solutions should use encryption to retain control over all copies of these sensitive documents, regardless of where they are located.
So why is Identity Governance hard to implement?
- Multi-vendor point solutions. The first major challenge is that there wasn't a single vendor offering a holistic governance solution, so most enterprises ended up buying and implementing multiple products from different vendors. For example, one product from one vendor handled only provisioning, another product from another vendor handled compliance, and yet another handled privileged access. But as regulatory and provisioning requirements continue to grow and change, such multi-vendor solutions increase the cost of managing and integrating these products. The integrations are often complex and brittle and require specialized knowledge of multiple tools. This also results in vendor dependency for support.
- Expensive customizations. In today's IDM world, business users are getting more involved in driving the whole governance initiative. Requesting access and defining workflow, delegation and certification policies are no longer considered to be IT functions. Such business-centric requirements demand product interfaces that can be easily extended and customized, but extending them often requires complex coding and configuration. Such customizations are also not durable and require reconfiguration when it's time to upgrade to the next version of the product. This results in longer deployment cycles and prohibitive upgrade and maintenance costs.
- Scalability. Nowadays identity management solutions are required to handle thousands of applications with millions of entitlements associated with them, and it is critical for the business to rapidly onboard such applications and make them available to end users. Application on-boarding is time-consuming as it involves complex integrations with multiple target systems. As a result, customers usually resort to third-party help desk ticketing systems, which makes the deployment further disintegrated and hard to track.

We have embraced 2 major strategies to make your implementation easier and more cost-effective.
- We have taken a cohesive platform approach that unifies our request management, role management, privileged account management and certification products as one solution. Platform does not mean just integrating our products, but employing a common architecture and making use of common services across the products.
- Modern Tooling: very often, if you have to code during an implementation, that is the point in the project where things begin to break down – we have changed our approach to focus on configuration using modern browser-based tools, and not coding.
So let me go into more detail about each of these strategies.
- Enterprises need to ensure users have sufficient access privileges to perform their job functions, but for compliance and security reasons it's also vital to monitor such access. Users often do not know what to request, so it is important to make it easy for them to acquire access. But this efficiency would require certain compromises in the security controls: the stronger the security controls, the harder it becomes to acquire access. To mitigate this risk, there should be enough compensating controls in place to ensure that users are not misusing the access granted to them.
- The platform approach is designed to help enterprises balance these objectives of access, security, and compliance.
- As depicted in the diagram, the Access catalog is at the heart of the Identity Governance solution. This enables your users to easily find and request access, check-in/check-out privileged & shared accounts and perform role lifecycle management. Once access is granted you can monitor the access rights via Identity certifications, IT Audit Monitoring, Rogue access detection and audit and reporting functions.
- We believe that treating IDM functionality as services that can be reused is the key to simplifying IDM implementations.
- Obviously this only works for vendors that have all of these key services. You do not need to buy everything to get the benefit, but the more components you assemble, the bigger the savings.