Picture of blog writer

Blogger: Darran Rolls CSO and CTO SailPoint

September 23, 2016

Identity and Access Management: Not a DIY Project

Take a moment to think about all the data you have, who can access it and who governs it. Does that seem unreasonable? It should. Identity and access management is a robust process that requires strategic use of tools, protocols and processes to manage the mounting data that comes with growing a business. But where do you start when tackling this monumental and crucial task? These seven tenets will help you get started:

Take Inventory

Take an inventory of your data, users and applications in which that data is uses. Using a tool to help wrangle the data into one place is step one in your IAM strategy.  From there, you can assign roles, implement compliance controls and get analytics about your data.

Be Adaptable

Rapid authentication, multiple supported devices and usability are all key qualities in implementing an IAM strategy. This is often a customer-facing solution as well as internal. When your customers can access their accounts via single-sign on, an employee needs their password quickly reset or permissions need granting to a time-sensitive document, adaptability is your friend.

Build Relationships

Identity and access management, while highly technical, is also relationship driven. Knowing how an organization operates and the hierarchy of needs makes implementing IAM more efficiently and accurately. Context is key when diving deep into an organization’s identity needs. Become familiar with the organizational structure of your business and the clients your serve. It will make the process easier for everyone before, during and after implementation of you IAM infrastructure.

Follow the Model

Like the adage goes, “don’t reinvent the wheel.” In the context of identity, that means using models to streamline the process of managing data and users. Models often begin in HR, with new employees, title changes and employee terminations ultimately happen. From Entitlement Models to Risk models, this is a component of IAM that not only makes the process easier, but allows for repetition and scalability.

Assess Risk

Risk management is not only minimizing risk through IAM implementations, but also though having a plan in place when risk becomes reality. Assessing the level of risk with a user means knowing whether they can read or edit a set of data, seeing the volume of accounts they are associated with, and even if they have violated policies within the IAM system. A solid IAM tool will help you assess and manage this risk.

Connect

The architecture of your integrated IT system plays a huge role in how IAM is deployed and implemented. Connectors, API’s and other third party integrations are components that play a role in getting your IAM strategy to its strongest point. Without bridging those gaps, the data is still not in your control. A powerful tool will allow for connectability to a multitude of apps and systems.

Consistency is Key

Consistency in your IAM solution is just as important as the implementation. The user needs to know how to access the data they own and use. In order to scale your IAM solution with your organization, having a set of expectations will make implementation and growth easier, while also securing your data more effectively.

The complexity of IAM strategies can seem overwhelming. It does not have to be so cumbersome, and it certainly isn’t impossible. With the right strategy and tools in place, making sure your data is in the right hands is not only possible but empowering for your business.

For more on how these seven tenets of IAM can help you evolve your identity governance strategy, download the whitepaper here.
 

N.B.: This post is part of GCA's guest blog series, where our vendor partners and other industry experts provide valuable insights on topics around Identity & Access Management and IT Security for our readers.