Newsletters Welcome, Guest Log In | Register
Blogs:

Mike Vizard

IT Unmasked

Revealing the Business Value of Innovation

About this Blogger RSS

< Previous | Next >

Subscribe

Sign up now and get the best business technology insights direct to your inbox.

  • Daily Edge
  • CTO Edge Update
  • Business Tools & Templates
  • Aligning IT & Business Goals
  • Maximizing IT Investments

0

Determining Means and Opportunity

Posted by Michael Vizard Oct 7, 2009 3:29:26 PM

One of the issues that nobody seems to want to really address inside or outside of IT is who exactly is responsible for identity management.


With a specific domain, everybody wants to manage access rights. For example, the people running applications want to control who has access to what applications. The networking folks have any number of directories that track identities. And somewhere, there are usually security people who think that identity management belongs to them.


But nobody seems to want to be responsible for managing identities across the enterprise. So the end result is that nobody is exactly sure which individuals have access to which systems. And invariably, it comes as a surprise to them when a system is compromised by an internal employee whom nobody knew could access whatever they were not suppose to access in the first place.


Of course, auditors are now making a small fortune mapping this out on an hourly basis. But what if there was a way to automate the process of discovering who had access to which systems and applications? And once that was established, what if you could attach a score to an individual that would identify the level of risk to the company as a whole associated with any specific individual?


Besides the massive savings generated in terms of reducing the amount of time auditors need to spend crawling over your organization, the overall posture of your organization in terms of risk management would be greatly enhanced.


Companies such as SailPoint, IBM, Oracle and CA claim to have developed just such a capability, which industry analysts refer to as identity governance. There's even an identity governance framework developed by The Liberty Alliance. And while the issue of having to deal with any number of identity management schemes is not likely to go away any time soon, simply figuring out who has the means and opportunity to do your organization harm is the first step toward identifying where the real risks to the business actually lie.

 

Of course, if you read the headlines about security breaches these days, it's pretty clear nobody seems to be really responsible for identifying who has access to what, which may account for why there isn't a whole lot of appreciation for identity governance either.

Related Content

Add a comment Leave a comment on this blog post.

There are no comments on this post

Related Content

Browse

Topic: Identity Management

Increased security and productivity both rely on efficient identity management

Blog: Intellectual Property Theft and the Role of IT

Article: The Expanding Footprint of the Privileged Identity Management Challenge

White Paper: Buyer's Guide for Identity Administration

Related Topics

IBM, Oracle, Risk Management

Featured White Papers

Browse

Software Forum: Information On Demand Virtual Experience

This interactive virtual forum presents leading IT experts providing the insights you need to turn your information into a strategic driver for innovation, business optimization and competitive differentiation.

Performance Under Pressure: The State of Enterprise Web Application Quality and Availability

This research study finds that Web application issues are an all-too-common problem and examines these Web-based enterprise application issues from two perspectives: that of an online customer and that of a site manager.

Resource Centers

Browse

Virtualization & Business Continuity

Virtualization solutions, management tips and industry insights to promote and insure the lifespan of your business.

Featured Whitepapers

Rethinking Business Continuance — Driving Data Availability Up and Costs Down

Enterprise Manager

Tools, best practices and expert advice on managing your enterprise IT infrastructure, databases, and Web service components.

Featured Whitepapers

Enterprise Management Flyover

Security Information and Event Management

Best practices, strategies and technologies to help you use security information and event log management efficiently and effectively in order to get business value in terms of increased security, reduced risk, regulatory compliance and increased business agility.

Featured Whitepapers

The Top Ten Insider Threats and How to Prevent Them

Optimized Infrastructure

Hardware and software tools to create an enterprise infrastructure for data and business optimization.

Featured Whitepapers

Creating a Dynamic Infrastructure Through Virtualization

Premium Tools

Browse

IT Manager Development Library

Learn all the basics of IT Management: budgeting, staff motivation, business planning and more with this unique eBook bundle.

Learn more >

Windows 7 Upgrade Project Kit

Moving to Windows 7? The Windows 7 Upgrade Project Kit is the ideal support tool for managing all phases of an organizational upgrade to Windows 7. The tools and templates in this kit will help you develop a strategy and map out the implementation tactics which link your Windows 7 deployment to your company's bottom line.

Learn more >