Jim Marshall shares five identity governance best practices to help build a successful IGA program.
Implementing Identity Governance presents a variety of initiatives and choices, and these projects tend to have similar pitfalls and problems. Over time, lessons learned have become the benchmark for success. Applying best practice means learning from the experience of others to implement your Identity Governance core processes.
Here are several identity governance best practices to help your organization have a successful IGA project.
Before you continue reading, how about following us on LinkedIn?
Five Identity Governance Best Practices
1. Identity data is your linchpin to Governance
Your Identity data provides critical information for Identity Governance to function as a whole. For effective governance, you’ll need to establish an accurate user identity within your organization’s system. This identity must uniquely identify the user, their relationship to the organization, who they report to, and the job function they perform. An equally important requirement is timeliness. Timely updates for the following critical identity data values eliminate re-work and improves the accuracy of certifications and requests. Data quality is key to a successful IGA project.
- Manager/Direct Reports
- Organization / Department / Jobcode / Location for role changes
- Employee Status changes
2. Get a total picture of a user’s access
The primary user account only supplies one facet of the access an individual has. Administrative accounts, Privileged accounts, and Cloud-based accounts are additional pieces of the total picture. Linking these accounts to their specific owners and evaluating all the access improves identity governance to reduce your risk exposure.
3. Establish a continuous compliance approach
Many companies start with the certification of all the user accounts – based on compliance directive. While periodic reviews satisfy this requirement, it’s the time in-between that may be exposing the organization to a security or data breach. An Identity Governance system with a joiner/mover/leaver approach to reviews becomes a risk management asset. As users are hired, move to different roles, or leave the organization – access requirements change, and these touchpoints are the times for evaluation and action.
4. Help your decision-makers make decisions
Certification reviews are challenging for business managers and application owners. Presented with an overwhelming amount of data, and without any relevant information to make a judgment – the unfortunate outcome is often – Select All, Approve, done. The most significant factor in obtaining better results while reducing the time and effort of reviews is the use of Roles. A Role is a group of permissions related to specific job duties – and, thereby, a user’s job function determines what access they need. Application Permission and Group names may be relevant to a security administrator – but certainly not to a business manager. Both inside or outside a role, business-friendly Permission descriptions are necessary to help them to assess and decide.
5. Use your Analytics
Whereas a certification review provides a line-item assessment on a per-user basis, the Analytics feature of an Identity Governance application provides the capability to compare and contrast user access over a group of users. Here you can identify access left behind from a previous job function, added just as a temporary need, or belongs to an application no longer in use. Now, specific reviews can be generated only for the outlying permissions upon the individuals holding them. The actions taken as a result of using analytics are a measurable improvement in security that can be presented to your stakeholders, compliance team, and auditors. Here are several more best practices.
What other Identity Governance best practices would you add to this list?
This article was written by Jim Marshall, IAM specialist at Idenhaus Consulting.
Idenhaus is honored to be featured in the Top 10 Identity Governance and Administration Consulting/Service Companies of 2019.
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us