I have been hearing the need of robust Identity and Access Management & Governance from past several years throughout my meetings with IT directors, managers. However, at the same time I feel that it is being represented using a very complex terminologies and is difficult for a business to understand it. Based on my experience, the key ingredients of robust Identity and Access Management & Governance (IAM/G) is an integrated:
3.Segregation of Duties
6.Closed Loop Remediation
The need of identity management and access management is driven through administrative efficiency, the segregation of duties and access recertification are required to avert fraudulent activities and to meet regulatory data controls, the organizational change is required to ensure need-to-know principle, the closed loop remediation ensures integration of all components in your IAM solution but is seen as nice to have by business. As a security consultant, I see that there is a need to educate and advice clients on a closed loop remediation to build a real robust identity and access management & governance solution for any organization. The IAM/G solution is incomplete without a fully automated closed loop remediation process that can remediate excess privileges identified throughout the process right from managing identities to organizational change.
Views by Vikas Choudhary