Identity Management, Auditing and Role Management

Interesting week in the trenches

Mark Mac Auley posted earlier this week about his jetsetting week meeting people to talk about identity management.

One point that he does make is:

“The 4 PM blew their hair back to the point that I stayed over another night to meet with an even broader audience to pitch the notion of control to. Funny thing is, they were far more interested in audit capabilities since that was the immediate need”

I couldn’t agree more! Recently, nearly all of the customers that I go to see about Identity Management talk about auditability being one of their major pain points. In a lot of cases, this is due to compliance issues (SOX, 7799 etc). However, even for companies who don’t have direct accountability to one of the many standards, there is still a necessity for traceability and audit.

Like Mark also says:

“What I learned was that in a project of this size, magnitude, and importance (people will die if it doesn’t go well) is that knowing what is happening in real time on the network by who is on the network and what they are accessing (whether they are supposed to or not) will drive the best possible policy development, and ultimately policy enforcement which is the end goal (I think) of implementing an identity management solution.”

Not only will it drive policy development, as Mark has stated, but by analysing real-time access, this information can also be used to drive role definition and role management, something that Nishant Kaushik has been discussing in his posts on role management (part 1, part 2 and part 3).
