In the pursuit for higher productivity, employees are using multiple devices and applications while juggling several logins. To ensure the security of critical resources, access management has become a delicate issue. Companies have to make sure that employees are getting access to the right applications and data without spending too much time to get them. Having too much or too little access becomes a problem when both data and time is money.
On the other hand, companies have to be mindful of internal data breaches that can be caused by careless actions such as losing work devices or inadvertently attaching the wrong file to an email. Without an identity and access management strategy that controls access to critical data, the door is left open for security breaches. The upswing in Bring Your Own Device (BYOD) also puts company data outside the protection of the company especially when the device travels with the user. If there are no provisions to eliminate no-longer-needed access, a lot of unnecessary access to critical data goes out of the office.
To prevent internal data breaches, a secure identity and access management (IAM) strategy must move out of the shadows as a “nice-to-have” to a “must-have”. Below are six best practices to help you do just that:
1. Use HR as the Single Version of the Truth
HR involvement is crucial to a successful solution that addresses internal employees as well as external contractors and consultants. Most of these people require access to company resources. Use your HR systems as much as possible as an authoritative source of data for your identity and access management system. This will help you avoid repetitive work, errors, inconsistencies and other problems as the IAM system grows.
2. Unify identity data sources
Implement a single, integrated system that provides end-to-end management of employee identities, and retires orphaned or unneeded identities at the appropriate time. Each disparate system will continue to have its own user accounts. Your integrated system simply maps identities to these accounts.
3. Clean-up identity data
Maintaining directory data in a clean, organized and secure manner is essential. Over time, user, group and service accounts become obsolete and need to be disabled and removed. Having a regular review and clean-up will help maintain secure access.
4. Evaluate organizational data and roles for access privileges and approval workflow
Companies should always be aware of the level of access that employees have to corporate data on the network. Have business data owners manage access to their data and provide central reporting and control where changes can by efficiently managed and documented. Implement a “request and approval” workflow so users and data owners can make request and provide permission as appropriate without requiring IT in the decision-making role for permissions management. Periodic recertification ─ reviewing who has access to what and determining whether they should retain those permissions – will help ensure access to critical data remains secured.
5. Automate user and group provisioning and deprovisioning
To keep your network secure, access management needs to be updated according to employee changes – recruitment, departure or internal shuffle. Provisioning, de-provisioning and re-provisioning are often time-consuming manual tasks, and automating them can reduce costs and errors, and improve security and consistency.
6. Inspect what you expect
All organizations today are affected by one or more industry or governmental regulations, and your IAM solution can play a central, beneficial role in helping your company become, and remain, compliant. Focus on defining and documenting the job roles that have control over your data, as well as the job roles that should have access to auditing information. Define compliance rules step by step, and assign each step to responsible job role. Improve consistency, security and compliance by integrating rule checking into your identity management system and workflow operations, to help automate remediation of incorrect actions.
Effective IAM is a long-term undertaking that must be supported by a strategy focused on security. Having a plan and using automated, integrated solutions for provisioning, compliance and audit ensures that users have only the access they need to do their jobs, and reduces the risk of internal data breaches. The organization can then operate efficiently and agilely, reduce costs and maintain compliance, all while reducing the burden on IT.
Barrie Sheers, Vice President & General Manager, Software, Dell APJ