Why Identity Matters in a Strategic Identity and Data Management Programme
April 03, 2019
What we know matters but who we are matters more. – Brené Brown, Daring Greatly
We live and work in a world where access to information has become more entwined with our identities than ever before. As individuals, we try to guard what makes us unique and take steps to protect it. Because of the complexity of the digital world, and its reach into all aspects of our lives, protecting our identity has become more of a challenge for us and for the businesses and organisations with which we interact. The Future of Well-being in a Tech Saturated World discusses the deep concern surrounding the impact of an increasingly digital life.
Because of its uniqueness, our identity has become critical in the business world. What we can see, the information we have available to us and the actions we can take with that information, are all tied to identity. The use of identity is not a new phenomenon, and neither is the use of identity to attribute access to systems or applications. But with device proliferation, mobility and digital transformation, the challenge to manage and ultimately limit a user’s access has become a complex and critical function for a modern business.
Identity at the Centre of your IDM
All organisations have data that they should and must protect, including employee Personally Identifiable Information (PII), customer details, transactional information, money transfers, stock levels, supplier costs and proprietary process details. What’s consistent across all types of data is that the loss of confidentiality, integrity or availability can cause both reputational and financial damage to the compromised organisation.
As such, a process for managing access to this data must be part of the overall security strategy for all organisations. The strategy must ensure effective and efficient data access governance by using a comprehensive Identity and Data Management (IDM) solution that aligns with the wider goals and aspirations of the organisation. As a result, an effective IDM programme must be comprehensive and holistic, covering all types of users (internal, external, consumer, supplier and remote) and levels (permanent, temporary and privileged) in a seamless, straightforward manner.
Efficient Business Processes
Modern IDM programmes provide many capabilities to help drive business efficiency and reduce Operational Expense (OPEX) costs. These capabilities reduce the impact on the business in multiple areas, including reducing support desk tickets, providing speedier access to accurate audit information, automating provisioning, improving user experience and improving governance processes.
IDM and Reduction in Workload
Often, the most frequent request on help desks is for a change of password following either a system lock-out or a user forgetting their password. While the volume of password changes will depend upon the individual business, studies show that around 30% of all help desk calls are password related. While the process of changing a password does not appear to be complex from a user perspective, the governance process around the change must be rigorous and should check, for example, the requestor’s identity, ownership of the account to be changed and the reason for the change. The actual password change itself and the secure communication of the new and valid password must also be considered. Providing a self-service password reset capability via an IDM programme will reduce the impact on help desk systems by reducing ticket load both on the system and on the remediation teams themselves.
Improving User Experience and Avoiding Inappropriate Access
A frequent issue raised by both management and users is that the time it takes for provisioning teams to grant access to systems is far too long. Another issue is that multiple steps are required for that access and not all of those steps were carried out. The use of IDM automated provision capabilities can address both of these challenges by providing rapid and accurate changes to access levels. User experience is improved, repeat calls are reduced and user access levels are as expected and appropriate for the user’s role. This same capability also ensures that effective access levels are removed when a user changes roles or leaves the business, a process often neglected and one that frequently leaves unknown back doors into systems.
Business Alignment and IDM
The management of a user’s identity and the access that identity provides is not an IT function.
In many organisations, system owners or business units’ managers still hold the perception that managing access to information is purely an IT function and is not within their sphere of responsibility. This apparent willingness to detach the business from the critical process of managing a user’s access to data must be addressed — and prevented — as part of a strategic identity security strategy. While the management of an IDM programme and the integrity of the data within it should remain an IT function, the responsibility for ensuring that appropriate access is allowed and accurate data is provided to the IDM system must be held with the business units and the data owners. They (humans) are the custodians of the data and understand its purpose and use.
The need to access identities held within an IDM environment is driven by the business’s needs. Identity information falls into the remit of Human Resources and provides the base details for all employees or contractors working for the organisation. Entitlement information, on the other hand, is derived from the managed systems and controls users’ access within that system. Both types of data must be aligned to the organisation to allow the deployment of business-based roles, within a business context, to known individuals currently employed by the organisation.
The business alignment of this data, and the regular provision of accurate, up-to-date and consumable data feeds, will allow the IDM system to provide a single view of all the access allocated to an individual. Subsequently, business owners can regularly recertify this access to ensure they understand and approve all user access levels to the data for which they are responsible.
Keeping identity centre stage in your security strategy will help prevent breaches and the misuse of personal data. Taking a strategic approach is imperative to enabling business growth and strengthening security.
Maximise the value of your identity programme and streamline operations in your business. Download our eGuide to learn more.