The Leading Educational Resource for IT Professionals
MC Press Articles
Access Control Identity management Provisioning

Identity Management - Why Is the Level of Interest So Low?

by Graham Williamson April 11, 2017 0 Comments

At a time when managing identity information, and leveraging it for business purposes, is becoming increasingly important, interest in the topic of identity and access management is not keeping pace. Not only is there a lot of money to be saved by automating provisioning, it also significantly de-risks access control within an organisation. As more security tools leverage identity stores, getting provisioning right has never been more important.

Technology is advancing so fast that many CIOs have delegated identity and access management to members of their staff. While there’s nothing wrong with delegation, in fact, it’s the mark of a good manager, it’s still necessary for the CIO to stay in-charge; you can’t manage something that you don’t understand. In many companies system administrators are setting policy. They are configuring firewalls, deploying directories and managing encryption keys to their own “best effort” level. The danger is: the system admin often does not have the corporate perspective to allow him/her to perform the functions in which they are engaged. The C-level should be determining access control policy for firewall configuration, they should set the directory strategy to which the architecture should adhere and they should mandate key ceremonies to ensure encryption keys are appropriately generated and managed.

There’s an increasing need for CIOs to understand the business. They should no longer simply manage IT strategy, they need to understand how IT supports the business. They must know enough about business processes so that they can recommend where digitisation can assist and, more importantly, where it’s necessary.

For instance, vendor-managed-inventory is a well-entrenched business strategy; approved suppliers are given access to inventory levels and told not to let the supply of their product run out. To do this suppliers need to be given access to the appropriate system so that they can forecast requirements and ship accordingly. Most companies set-up a generic account for each supplier, which is bad practise. Federated authentication is the preferred approach or a provisioning system with an approval workflow used to provide an approved level of access control. Note: if a password expiry policy is implemented within an organisation, external suppliers should typically be in a separate AD group with no expiry; security should be maintained by periodic attestation reporting and a workflow to disable accounts on expiry.

This series of blogs looks at the major components of identity and access management to encourage discussion and raise awareness. The objective is to assist organisations in managing their identity environment so as to avoid a compromise.

Graham Williamson is the author of “Identity Management: A Business Perspective”.

Graham Williamson
Graham Williamson

Author


Also in MC Press Articles

Authentication Consumerization Identity management
Customer (Citizen) Identity and Access Management

by Graham Williamson June 13, 2017 0 Comments

As a major trend in the IDM sector, consumerization has become easier and exponentially more important. Digital transformation will literally put a significant segment of the SME market out of business and propel a significant number of SMEs to new levels of prosperity.

Continue Reading →

Access Management Authentication Federation
Federated Authentication – there is no Plan B

by Graham Williamson June 05, 2017 0 Comments

Federated authentication is essential for businesses. It's the only way to effectively manage external access to business systems and it's absolutely necessary in order to manage authentication to SaaS apps. if you don't want to expose your identity records to potential compromise.

Continue Reading →

ABAC Access Control Authentication Authorization Identity management RBAC
Access Control – RBAC & ABAC

by Graham Williamson May 04, 2017 0 Comments

Access Control is the core of the identity and access management task. Once we have correctly provisioned user data into the enterprise’s identity service we need to leverage it for access control. The vast majority of organizations use role-based access control, but increasingly, access control based on attributes is gaining traction.

Continue Reading →

Subscribe

Sign up to get the latest on sales, new releases and more …

Recent Articles

Categories

About us

MC Press Online, LLC is the world's leading provider of educational materials for IBM Power Systems (System i, eServer i5/iSeries, and AS/400) professionals. Our mission is to deliver hands-on, nuts-and-bolts information about current and significant new technologies in the IBM field, so you can be more productive on the job and get more out of your career.

MC Press offers books, ebooks, and electronic publications that take you inside the technology, so you can find out how to best leverage the power and potential of your IBM platforms. Our books cover a wide range of topics--from hands-on, how-to programming to the most advanced communications, connectivity, and security issues facing the industry today.

For the latest news, analysis, in-depth technical articles, programming code, case studies, product reviews, and much more delivered to your email inbox, take a look at our free electronic publications: Online Newsletters.

To pick up valuable tips from your peers, check out the MC Press Forums, and don't forget about our MC Press Buyer's Guide, where you can find computing and technology solutions for all your IT needs.
Sign Up for our Newsletter

Subscribe to our newsletter and always be the first to hear about what is happening.

Main menu
Footer menu

© 2019 MC Press Bookstore.

Designed by Out of the Sandbox. Powered by Shopify

Amazon payments American express Diners club Discover Jcb Master Paypal Shopify pay Venmo Visa