9 tips for a successful Identity and Access Management project implementation




By Antonio TROGU, Technical Manager - Beta Systems

White Paper

Introduction

More and more IT security incidents impact businesses, regardless of sector, size or activity. Unauthorized access, usurpation of identities, data leakage... businesses can no longer afford to ignore the risk of cyberattacks, nor assume that attackers will never be able to penetrate the information system. This is why leading analysts (KuppingerCole, Pierre Audouin Conseil, Gartner...) emphasize the need to deploy an IAM (Identity and Access Management) system to complete the arsenal of security measures for the company's information system.

IAM projects are now a real priority for any organization that wants to strengthen its cyber security. However, it is clear that many initiatives are hampered by failures encountered by other companies. It is therefore essential to properly prepare the project implementation, in both its technical and business aspects. Here are some best practices that can contribute to a successful IAM project.

1. Build a mixed project team of IT and Business

An IAM project is a transversal project that requires soliciting many stakeholders within the organization, typically the IT department but also HR and business managers. Underestimating the need to involve them may be enough to derail your project. Indeed, your project cannot be driven solely from a technical perspective. It is necessary to obtain the support and cooperation of the business departments to mobilize knowledgeable parties around the project and be able to rely on their understanding of the company's business processes and organizational structure.

2. Define the project's governance and goals

An IAM project with a poor governance process in place rarely succeeds. First, you will need to determine the roles and responsibilities of each participant as well as the different steps of the deployment. Achieving your goals involves rigorous monitoring and close collaboration between the project team and the vendor's IAM consultants. Make sure that the specifications and goals are mutually understood and documented before the start of the deployment. Any subsequent changes would disproportionately extend the project in time and implementation cost.

3. Reduce customizing to a minimum

When choosing a solution, standard, preconfigured IAM software is the best strategy, especially because this approach takes advantage of IAM deployments at other customers. Moreover, it greatly simplifies the integration of new functions as new software versions are released. Abandoning the standard offer for a highly customized system should be exceptional. Standard products from the vendor reduce the costs of implementation and maintenance, and accelerate the deployment.

4. Implement in phases

Be pragmatic: deploying the IAM solution on a broad technical and functional scope can bog down the project. Prefer a quick-win approach, with a step-by-step implementation and achievable milestones. By voluntarily limiting the initial scope to a limited number of target systems, users and features, you'll get results more quickly, sometimes within months. These early returns on investment will help strengthen the company's buy-in, making it easier to obtain additional budgets and thus to extend the scope of the project.

5. Connect HR systems

Staff movements (new arrival, departure, mobility...) may be reported to the IT department or human resources with some delay, if at all. These complications may increase when the personnel administration tasks are performed manually or in a decentralized manner. Therefore, initially, the main HR data source must be connected to the IAM system in an automated way, with rapidly measurable benefits: simplified access, increased productivity, user satisfaction...

6. Clean up the data

Data quality is key to any successful IAM project. But very often, access rights information has not been maintained for a long time and can be messy. As a result, links between accounts and users are missing, some accounts are orphans, others are wrong... This is why an IAM project necessarily begins with the consolidation of user identities (user-id). In this step, the user accounts are assigned to the corresponding persons in the repository of identities. Cleaning up the data quickly shows a first advantage: the consolidation of user-ids reveals the orphan accounts.

7. Implement roles

A role is a set of individual access rights that are necessary for a particular function or task in the company. It is intimately linked to the business processes specific to the company. "Groups" of access rights, called "roles", significantly reduce administration efforts. They are key to automating processes and to implementing rules that prevent the accumulation of certain rights (Segregation of Duties - SoD). But the implementation of roles requires more than just defining groups of access rights. Roles are living objects. They need to be continuously updated and maintained. It is important to designate an "owner" for each role. The owner is responsible for the further evolution of the role. Therefore, the roles should be reviewed periodically to adapt to changes in the organization or in the IT systems.

8. Introduce risk scoring

IAM systems provide a considerable amount of data that needs to be processed to bring up the riskiest elements. The identification and scoring of these risks is a powerful tool for sorting the access data, such as users, roles and accounts, by level of potential risk. However, implementing a risk measurement for your entire access rights structure requires time and resources. Using a top-down approach, you can quickly get a first risk analysis, sorted by category and score. You can use the duration of the project to gradually expand the scope of these evaluations.

9. Provide main features required by the department level

Keep in mind that even if IAM systems are mainly sponsored by auditors and IT managers, business departments are also interested. Quickly presenting first concrete results to the Board helps you win the support of the entire company. For that purpose, in the early stages of the project, focus on business features that make life easier for end users: for example, a web portal to re-certify the rights of some people, or a workflow to automate approval of rights requests. The satisfaction of business users is a key indicator to demonstrate the success of your IAM project.
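Tips 6 and 7 worked through in Python, as an added example that is not part of the white paper and is not Beta Systems product code: accounts exported from target systems are linked to HR identities, unmatched accounts surface as orphans, and an SoD rule is checked on the combined roles of each person. All identities, account names, roles and the SoD rule are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the white paper).
# HR repository of identities: employee id -> known login names / e-mail aliases.
HR_IDENTITIES = {
    "E1001": {"arossi", "anna.rossi@example.com"},
    "E1002": {"mdubois", "marc.dubois@example.com"},
}

# Accounts exported from target systems: (system, account id, roles held).
ACCOUNTS = [
    ("erp", "AROSSI", {"create_vendor"}),
    ("payments", "anna.rossi@example.com", {"approve_payment"}),
    ("erp", "mdubois", {"create_vendor"}),
    ("erp", "jsmith_old", {"approve_payment"}),
    ("payments", "svc-batch", set()),
]

# Hypothetical SoD rule set: role pairs one person must not hold together.
SOD_RULES = [frozenset({"create_vendor", "approve_payment"})]


def consolidate(identities, accounts):
    """Link accounts to identities by case-insensitive alias; return (linked, orphans)."""
    alias_index = {a.lower(): emp for emp, aliases in identities.items() for a in aliases}
    linked, orphans = defaultdict(list), []
    for system, account_id, roles in accounts:
        emp_id = alias_index.get(account_id.lower())
        if emp_id is None:
            # No person in the repository owns this account: orphan.
            orphans.append((system, account_id))
        else:
            linked[emp_id].append((system, account_id, roles))
    return dict(linked), orphans


def sod_violations(linked, rules):
    """Check each SoD rule against the union of roles over all of a person's accounts."""
    violations = []
    for emp_id, accts in sorted(linked.items()):
        held = set().union(*(roles for _, _, roles in accts))
        for rule in rules:
            if rule <= held:
                violations.append((emp_id, tuple(sorted(rule))))
    return violations


if __name__ == "__main__":
    linked, orphans = consolidate(HR_IDENTITIES, ACCOUNTS)
    print("orphans:", orphans, "SoD:", sod_violations(linked, SOD_RULES))
```

The violation reported for E1001 is visible only after consolidation, because the two conflicting roles sit on accounts in different systems under different account names.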

Building on its 20 years of experience in the IAM field, Beta Systems offers a comprehensive software suite handling access management to IT resources based on user identities and roles.

SAM Enterprise Identity Manager: Automated provisioning and identity lifecycle management. Centralization, consistency maintenance and management of access rights data.

SAM Business Process Workflow: Automate business processes that involve access rights, with a powerful engine and a user-friendly interface.

Garancy Access Intelligence Manager: Multidimensional analysis of access rights and evaluation of associated risks: business intelligence dedicated to access security.

SAM Password Management: Secure and simplify access to applications.

Garancy Recertification Center: Run review campaigns of the users' access rights based on the risk level.

About Beta Systems

Beta Systems is a leading mid-sized, independent European software solution provider. Founded in 1983, the company develops software that secures the data processing of large IT centers, as well as a suite of Identity Management and Access Governance (IAM/IAG) solutions. Beta Systems' offering in the area of datacenters and cybersecurity ensures that its 1,300 customers worldwide optimize their IT processes, secure their information systems and meet Governance, Risk management & Compliance (GRC) requirements. Beta Systems clients are market leaders in Banking & Insurance, Finance, Industry, Transport, and Healthcare. Company headquarters are located in Berlin, Germany. Beta Systems has been listed on the stock exchange since 1997 and employs around 300 staff. The company, together with its 16 self-owned subsidiaries and numerous partners, has a strong domestic and international focus.

Contact us! marketing-f@betasystems.com +39 02 33 20 22 51

White Paper, February 2016
Antonio TROGU, Technical Manager
Beta Systems Software S.r.l., Via IV Novembre 92, 20021 Bollate (MI)