More

    10-Step Identity Access Management Process Design

    Identity Access Management (IAM) is a critical step in the process of securing company resources, while allowing users enough access to get the job done. Accessing data is only one component of identity and access management. Once a user has access to data, what should they be able to do with it? Should a user be able to modify or delete it? Should they be able to FTP it off to another site outside the company?

    According to Steve Jensen, VP/CISO of Carlson Wagonlit Travel, there are four reasons to undertake an IAM project: regulatory compliance, enhancing security, making security operations more efficient, and making it easier for business units to interact with security.

    Jensen has outlined the following 10-step program to a successful IAM project.

    10-Step Identity Access Management Process Design - slide 1

    Click through for 10 steps to a successful IAM project, as outlined by Steve Jensen, VP/CISO for Carlson Wagonlit Travel.

    10-Step Identity Access Management Process Design - slide 2

    Establish an identity warehouse of access privileges that incorporates password self-service functionality. Platform coverage should be a key factor in the purchasing decision, as well as the ability to incorporate directory services.

    10-Step Identity Access Management Process Design - slide 3

    Either build or purchase a role management product that meets business requirements, giving users the access they need but no more. At a minimum, the product should include role management, role mining, and role attestation.

    10-Step Identity Access Management Process Design - slide 4

    Define entitlements based on business terms, then map one or more access groups to the application entitlements by leveraging documentation, comments and description fields. Combine like groups that have been applied on multiple platforms.

    10-Step Identity Access Management Process Design - slide 5

    Have business managers validate that assignments of application functionality to users are correct.

    10-Step Identity Access Management Process Design - slide 6

    Establish a request system for changing users’ access rights to a request by application entitlements instead of IT group lingo. Ensure that a granular review process of access rights is available.

    10-Step Identity Access Management Process Design - slide 7

    Create enterprise roles that can be applied across departments to multiple users. Role ownership should be assigned, usually to a specific manager. Workers can be assigned multiple enterprise roles.

    10-Step Identity Access Management Process Design - slide 8

    Validate the assignments of enterprise roles to users, and provide drill-down review capabilities to entitlements.

    10-Step Identity Access Management Process Design - slide 9

    Change your request system to request enterprise roles instead of or in addition to application entitlements. Ensure a granular review process of access rights is available.

    10-Step Identity Access Management Process Design - slide 10

    Provide mutually exclusive entitlements and roles that do not allow a person to have both, thus avoiding potential conflicts of interest.

    10-Step Identity Access Management Process Design - slide 11

    Apply IAM to customers, suppliers and business partners through an automated self-service process.

    Latest Articles