The identity and access management (IAM) market is experiencing a renaissance with the emergence of new options for how and where to deploy IAM technology, both on-premises and as a service. At the same time, most organizations are struggling with how to best utilize the IAM solutions they have to manage their changing world of IT infrastructure. New technologies like cloud and mobile are being mixed with established mainstays like SAP, Oracle and RACF and all must be managed with an increasing focus on governance, compliance and automation. However, regardless of the delivery model selected, and whatever the mix of applications being managed, many best practices of IAM remain unchanged.
As we look back on what we’ve learned in the industry so far, and we lay out a path to the future products and solutions for tomorrow, some basic and very simple patterns (or tenets) of IAM approaches emerge that can help guide a solution and a deployment today and 10 years from now. This slideshow features five of the critical IAM tenets, identified by SailPoint, that are necessary for defining, securing and managing identity across the enterprise.
Think identity – not account
Even before the advent of cloud computing, we learned that an end user in an organization typically has multiple accounts and multiple entitlements across the infrastructure. If an enterprise focuses its IAM program only on managing at the account level, it will never get the total visibility needed to properly know “who does have access to what.”
Understanding the relationship between the identity and the account, between the account and the entitlement and between the entitlement and the data/information that it protects is key. By centralizing data around an identity, enterprises have a single place to model roles, policies, and risk to support compliance, provisioning, and access management processes across the organization.
Visibility is king! Silos are bad!
While new technologies like cloud and mobile are being mixed with established mainstays like SAP, Oracle and RACF, all enterprise applications that contain valuable or sensitive data or perform mission-critical operations within the organization must be managed with an increasing focus on governance, compliance and automation – in one single place. This allows the IT organization to leverage common detective and preventative controls to ensure they have an enterprise-wide view of identity data, which can help the business and IT effectively analyze risk, make informed decisions and implement appropriate controls in an automated and more sustainable fashion. Many of today’s cloud-based identity solutions only manage cloud apps – so they require implementation of a second solution, or the organization is left exposed.
Full lifecycle governance is required
It is critical to always manage the lifecycle of an identity by tying it to the business policies and business owners that are responsible for it. We must allow detective and preventative controls to span the entire lifecycle of an identity as request, review and revocation take place. By embedding policy and controls throughout the full identity lifecycle process, enterprises can achieve ongoing, sustainable compliance and reduce the need for after-the-fact remediation.
Consistency throughout the lifecycle
It’s more important than ever to apply centralized, automated controls and policies to keep key identity business processes safe, secure and compliant. Adding consistency and repeatability will allow enterprises to strengthen their controls, work more efficiently, and promote good governance policies over the long term. Additionally, cloud apps should always be handled using the same processes and centralized controls as the applications in the data center.
User experience is everything
IAM tools and technology must continue to evolve to more closely mirror the user experience that consumer-focused technologies provide. Having the right overall user experience for IAM is a critical part of achieving widespread participation from business users inside and outside of the enterprise. The right user experience is key to ensuring that organizations get active ongoing participation from business users throughout the identity lifecycle. The user experience has to be part of the business flow, not apart from the business flow.