Identity Management Blog

A common approach by organizations on tight budgets has been to solve their Identity and Access needs with Active Directory (AD). While this approach has its advantages, it has many more disadvantages. AD has its place in almost any enterprise-computing environment, but as security and risk professionals, we must know where it belongs (and doesn’t belong) in an IAM strategy.
Here, we will continue the playbook items list that we started in part 2.
In part 1 of this 3-part article, we described the scenarios and motivation for a new approach to IAM that is required these days. Here we will start explaining what makes up that new playbook.
Over the past few months, I have come to realize, through empirical observation working with our clients, that the way in which Identity and Access Management (IAM) initiatives are carried forward demands a different approach from what we have seen to date. I mean this from a holistic view: the drivers, the business justification and the expectations around what IAM should deliver to the business ...
In our Kickstart advisory engagements, we normally recommend that our clients deploy an Access Recertification process. Even when access provisioning has been automated, access recertification should be used to certify not only that users still “work here” but also that their access is appropriate.  This is particularly valuable in cases in which the user population being recertified is not ...
OK, this is a trick question; as of today, you really don’t have a choice. You need to have a role-based approach to access governance.  The real question is: “how much can you handle and how much automation can you afford.”  The days of debating whether or not to manage roles are long gone.
Part 1 of this 3-part article defined access governance, and part 2 described some of the unique challenges posed by cloud applications. In this last part, I provide some recommendations based on our experience bringing cloud applications under governance.
Part 1 of this 3-part article set the stage by defining access governance in general, and with a focus on cloud applications. In this second part, we look at the scope of access governance and some of the unique challenges that cloud applications raise.
In working with some of our clients recently, I have engaged in discussions with them concerning their Identity and Access Management (IAM) strategies in light of compliance and risk mitigation, and the topic of Access Governance has been front and center of the discussion. Since this is a timely and relevant issue for many organizations, I feel compelled to share my point of view.
As previously announced, on Tuesday May 11th, 2010, we hosted a webinar focused on PPL's strategy for streamlining and automating compliance with NERC CIP requirements and other regulations, such as SOX and FERC, by leveraging an Identity and Access Management (IAM) solution.