H2FY20 You can get IAM right: Access Management
Westley:
Give us the gate key.
Yellin:
I have no gate key.
Inigo Montoya:
Fezzik, tear his arms off.
Yellin:
Oh, you mean this gate key.
The Princess Bride - 1987
Access Management – After all, if you can’t get to your stuff, what’s the point?

It’s all about access … isn’t it? The only reason technology exists is to make people’s lives easier. The only reason the IT department exists is to make people’s use of technology easier. And the only reason everything is so difficult these days is that there are outside forces that demand that someone control who can do what with technology.

It could be the threat of a nefarious party from outside of your organization trying to steal data, break systems, or just prove a point. Or it could be insiders stumbling across information that you would rather they not see. Perhaps it’s the threat of some pencil-pusher throwing the book at you for some rule you never knew existed. No matter what the scenario, managing access is a requirement of today’s business world.

As discussed in the earlier chapter on fundamentals, the foundation for everything is access. When access is broken, no amount of security, control, management or governance matters. This section will address the foundational concepts of access management.

It’s a simple equation: Authentication + Authorization = Access. Even though it may be a simple concept, the realization of it is much easier said than done.

So why do we struggle to get it right?

The vast majority of organizations spend most of their IT focus on the day-to-day tasks associated with granting access. Their never-ending focus seems to be on making IAM processes as efficient as possible. But, once again, the challenge is complexity and diversity.

You know that with every system, a point of authentication and an account must be set up (‘provisioned’) for user access, including a password that must be maintained. These tasks usually fall on IT because they have the administrative rights and tools to set up accounts and enforce password security rules, as well as reset passwords, when necessary.

This complexity is well illustrated by data from The Aberdeen Group, who surveyed thousands of companies with an average size of 21,000 employees on the current state of their IAM approach. Results show a tangled web of complexity that traps organizations in the lower tiers of the pyramid.

• On average, surveyed companies supported 198 applications. That’s potentially 198 places where accounts must be set up and managed, 198 different passwords and password policies, and dozens of IT professionals just to support users on this wide range of applications.
• On average the typical end user must access 27 different applications. Even if only half of those require unique passwords, how many of your users can remember 13 different passwords? And who has to help them when they forget?
• On average it takes 12 hours to provision a new user. That’s a full day and a half where users are being paid, but don’t have the access they need to do their jobs. And who is responsible for setting up those accounts? How many IT teams must be involved to ‘fully’ provision a user?
• On average it takes 4.9 hours to de-provision a user. That’s more than half a day, giving a disgruntled former employee plenty of time to do damage.

For these reasons, IAM has often been considered the realm of ‘provisioning’ and ‘single sign-on.’ After all, setting up an account and giving a user only one password should eliminate the need for IT-assisted password resets, at least in theory.