How Do We Optimize Access Control Performance?

In a perfect world, the lifecycle of any identity is readily tracked and managed. The policies that determine basic access are derived from the relevant characteristics of the identity – role, function, business unit, project team, location, certifications, etc. Additional access rights may require a resource owner’s permission. All of these inputs and controls are effectively managed in a single IAM system. In the real world, however, the relationships between the policies, models and mechanisms for capturing and managing all of these inputs and outputs tend to be overwhelming.

Ray Brisbane

To learn more about Ray and his 20+ years of Cybersecurity and Enterprise Asset Management experience, visit his LinkedIn page.

Organizations typically have many different systems, applications, information domains, operational controls, cloud environments, etc., leveraging different network and cloud directories. They support many different business units, functional groups and even segmented project/program management teams. Oftentimes, access control is handled at the directory level, or even within an application- or resource-specific security model.

The cost of managing lots of identity and access control components, with lots of people, systems and methods, can be staggering. These costs fall into several categories: the manpower and technology to run all of the processes, audits and compliance, business inefficiencies and, perhaps most importantly, the costs associated with being the victim of a breach, theft or malevolent force.

So how do organizations gain a handle on these challenges and keep costs in check? What are the measures for determining the baseline characteristics, objective state and optimal performance?

Currently, the Omada Identity Suite offers a best-in-class approach and platform for consolidating identity and access management (and governance) on a single platform. Honed by the requirements of European regulations and the demands of global multinational organizations, Omada offers an IAM platform that is focused on delivering rapid time-to-value in the management of access control performance.

Omada’s approach is rather ingenious:

  • Collect all of the identities.
  • Collect all of the accounts.
  • Match ‘em up.
  • Fix the ones that are unknown or that conflict with policies.
  • Put it in place rapidly without requiring too much custom design or engineering.
  • Work toward centralized provisioning.
  • Start measuring and tracking performance.
  • Make it really easy for everyone to use and understand.

What are the key performance measures? That’s pretty straightforward as well:

  • How many identities are authorized to access any information or operational system across the enterprise?
  • Have they all been validated with an authoritative source?
  • Have the accompanying identity attributes been validated as current and accurate as well?
  • Have we connected every account for every system or resource with an identity?
  • If not, how many accounts are not connected to an identity?
  • Are we in the process of remediating those accounts?
  • What percentage of accounts can be provisioned centrally?
  • How much does it cost to manage all of our identities and access controls?
  • Do our IAM practices align with regulatory compliance requirements?
  • How much does it cost to support compliance and audits?
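The "match 'em up" step and the account-level measures in the two lists above can be sketched as a small reconciliation script. This is an added example, not Omada's code or data model; the field names, the constructed sample records, and the rule that an account owned by a non-active identity counts as a policy conflict are all assumptions.

```python
from collections import Counter

# Constructed sample data: an authoritative identity export and per-system accounts.
IDENTITIES = {
    "E1001": {"name": "A. Rivera", "status": "active", "validated": True},
    "E1002": {"name": "B. Chen", "status": "active", "validated": False},
    "E1003": {"name": "C. Okafor", "status": "terminated", "validated": True},
}
ACCOUNTS = [
    {"system": "ad", "account": "arivera", "owner": "E1001", "central": True},
    {"system": "ad", "account": "bchen", "owner": "E1002", "central": True},
    {"system": "erp", "account": "cokafor", "owner": "E1003", "central": False},
    {"system": "erp", "account": "svc_batch", "owner": None, "central": False},
    {"system": "crm", "account": "jdoe", "owner": "E9999", "central": True},
]

def reconcile(identities, accounts):
    """Match each account to an identity and classify the result."""
    findings = []
    for acct in accounts:
        ident = identities.get(acct["owner"])
        if ident is None:
            state = "orphan"           # no identity on record for this account
        elif ident["status"] != "active":
            state = "policy_conflict"  # assumed rule: account outlived its identity
        else:
            state = "matched"
        findings.append({**acct, "state": state})
    return findings

def metrics(identities, findings):
    """Compute the account-level measures over the reconciled accounts."""
    states = Counter(f["state"] for f in findings)
    total = len(findings)
    central = sum(1 for f in findings if f["central"])
    return {
        "identities_with_access": len({f["owner"] for f in findings if f["state"] != "orphan"}),
        "identities_validated": sum(1 for i in identities.values() if i["validated"]),
        "orphan_accounts": states["orphan"],
        "policy_conflicts": states["policy_conflict"],
        "pct_centrally_provisioned": round(100 * central / total, 1) if total else 0.0,
    }

if __name__ == "__main__":
    results = reconcile(IDENTITIES, ACCOUNTS)
    for f in results:
        if f["state"] != "matched":
            print(f"{f['system']}/{f['account']}: {f['state']}")
    print(metrics(IDENTITIES, results))
```

Accounts with no owner and accounts whose owner is missing from the authoritative source both land in the orphan bucket, which is the remediation queue the measures ask about.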

Once we have the policies, models and mechanisms in place, in the form of an enterprise IAM platform, all of these performance characteristics and measures are visible in a centralized location. Reports, analytics, dashboards and alerts can be readily incorporated into the management oversight functions of the organization. An IAM platform further establishes a foundation for a number of other related IT/OT management functions, including ITSM, compliance, governance, audit support, adaptive analytics, forensics, orchestration, consumption and billing, etc.

Organizations struggling with disjointed IAM practices can gain significant operational and cost benefits from a centralized IAM platform. The Omada Identity Suite provides a highly efficient approach to achieving integrated IAM, governance and compliance across the extended enterprise.

____________________________________________

If you would like more information about how the right IAM solution can transform your organization, contact Ray Brisbane via phone (571.483.2735) or via email at rbrisbane@dtec.com.
