7-Step Identity and Access Management

By Umberto Rosti*, April 20, 2018

Identity management: where to start?

The process seems simple: the company buys Identity Management technology, implements it and uses it. That logic does not match reality. The vast majority of companies that purchase Identity Management solutions without prior planning and knowledge of the company's needs end up disrupting the project and often blame the solution.

In this case it is not the technology that determines the success of the project, but good planning, a roadmap and an understanding of the business that involves all areas of the company.

Companies are increasingly mature and certain of the need for management that controls their employees' access. After all, there are plenty of examples of corporations that have been harmed by former employees, third parties or employees who are unhappy with the company. Despite this maturity, many companies are unaware of the major difficulties encountered during the technology implementation process - there are costs as well - and eventually disrupt the project at critical times.

One of the great paradigms is that all systems should be automatically connected to Identity Management. This is expensive, time consuming and probably will not work. The ideal is to identify the critical systems, both in terms of volume of access changes and in terms of the security of the company. We can mention ERP, CRM, e-mail and file servers. Identity Management solutions already have native automatic connectors, which will bring a faster return to the project and the company.

Automatically connecting some systems becomes extremely expensive and time consuming. Examples are legacy systems, usually developed internally, that do not have a well-structured authentication and authorization layer, or systems that do not have a large volume of access / user changes. For these cases, using all the intelligence of the Identity Management technology solution and leaving only the last step of the processes manual is much cheaper and just as effective. To give an idea, automatically connecting a legacy system can take months, while an automatic connection through a native connector can be done in days.

In short, there are no technological or process issues large enough to negatively impact the deployment of Identity Management. What exists is a lack of planning, of knowledge of business needs and of the functionality that is desired. Some managers underestimate or ignore situations during planning that are sure to become major disruptions during implementation. Some of them are listed below:

1. Definition of the detailed list of systems to be connected to the Identity Management technology solution. Defining this list requires a complete understanding of how each system supports business processes and what technical limitations it has, for example, user structure, profiles, groups, transactions, screens, objects, features, and more. It is important to define waves, grouping a maximum of three systems, always from the most critical / important to the least.

2. Definition of authoritative bases. Most likely the company will deal with employees, third parties and temporary staff, and will run into internal human resources policies when trying to get all user data.

3. Existence of a well-defined position versus job structure. With this structure in place, the gain is immense, both in the intelligence added to the processes and in the ease of implementation.

4. Existence of basic access packages by role. This dramatically reduces the number of requests made through human intervention.

5. Definition of actors involved in the workflows (approvers, executors, managers, normative). Without the actors defined, there are no processes.

6. Definition of technical features. Identity Management technology solutions have more than 10 possible features, but only a few of them are actually required in an implementation. It is important to define implementation phases as needed by the business.

7. Assessment of the need for a profile redesign with or without segregation analysis. Do not expect access profiles to be appropriate and adherent for 100% of users early in deployment. The important thing is to take the current scenario of your company and import it into the system “as is”. After the full implementation of the Identity Management technology solution, start an access profile design project together with the regulatory areas (risks and internal controls) and with the owners of the business processes. Companies sometimes spend years trying to design profiles before or during the Identity Management project and lose all their work. Consider deploying a Role Management process integrated with the Identity Management technology solution.

The implementation of Identity Management is simple, believe me. In the past some companies tried to build their own identity control system, and today they do not migrate to new technologies for fear of losing functionality. Most of the tools available in the market meet the main needs of the most varied industries, and what you should not do is try to solve all the problems of the company with the identity management system. Step-by-step planning is critical to success, rapid return, and visibility of control across the enterprise.

* Umberto Rosti is CEO of Safeway 


[SAFEWAY] is a company widely recognized as a provider of premium information security and cybersecurity solutions. From its extensive portfolio, we highlight several solutions, including those based on the following platforms:

● Archer by RSA Security, considered by the institutes Gartner and Forrester, and by the market itself, to be the most complete process integration solution for Governance, Risk Management, Compliance and Business Continuity Management;

● [SAFEWAY] Security Tower, supported by IBM Qradar (Watson Technology), IBM Resilient, and other solutions tailored to each organization for their security and cyber defense management needs.

● And others, involving technologies from Imperva, Thales, Tripwire and WatchGuard Technologies.
