Security threats are increasingly becoming focused on where an enterprise keeps its critical data: the servers, databases, directories and in other technologies. If these are accessed by unauthorised users, the risk of a business critical data breach, revenue loss, and compliance fines could emerge. With the best of intentions, a simple mistake within a directory-based application among which the above technologies are acting as managed resources can knock out access for many people, and for some organisations, can cost equally impressive amounts of money.
A significant challenge faced by organisations today is related to the implementation of intelligent and integrated management of user activity and their access to appropriate systems. Time, money, and effort are invested in collecting security trends about what is happening. However, the problem arises when getting a long list of "whats" does not contribute much to addressing the issue unless it is paired with the who" and the when. Correlation of identity, event, and data provides the most direct route to identifying threats before significant damage is done, but subtracting any one of those reduces the significance of security information so much that the value is doubted.
Distributed environments and complex data centres are already hard enough to manage. If you add an army of power users within an organisation that needs appropriate access to all this technology, its imperative that an identity management solution is implemented effectively and timely. IT managers need a secure and cost-effective approach to identity and access management by:
1. Centralising and automating administration
2. Eliminating the complexity of managing multiple identities
3. Enforcing controls necessary to achieve compliance
4. Capturing and securely storing audit events and
5. Easily producing meaningful reports.
However, there are three major flaws or stumbling blocks to proper implementation of such solutions. Lets take a closer look.
Flaw 1: Employee de-provisioning
It has been an ongoing problem for organisations to properly de-provision a user who has left the company. Too often, accounts are still active, or some kind of accessibility to enter the corporate network from an external location is possible. This gives an opportunity to take information orif the person is of the right mindsetleave corruptive malware behind. There is a need for organisations to tighten their security measures and workflows for de-provisioning to eliminate former employees accessibility.
Integration with the human resources databases to ensure faster response on the elimination of accessibility is the key. Also, watch shared accounts and be prepared to raise the level of activity monitoring if needed. Finally, automated workflows would be the safest approach to ensure all accounts are dealt with and fully documented so they can always be referenced.
Sign up for Computerworld eNewsletters.