Simplify Identity and Access Management
Leverage risk- and role-based access control to quantify and simplify the IAM process.
- Identity and access management (IAM) is the foundation of all usability within the environment and needs to be well defined and documented. Every organization has users, and every user needs access.
- Organizations have watched their systems become more entangled as more processes are moved to the cloud and more security threats present themselves.
- Auditing a long list of users is a tedious task that nobody wants to do. Unclassified data exacerbates the problem.
Our Advice
Critical Insight
- Role-based access control (RBAC) doesn’t have to be hard.
Document the information that people inherently know. Having a strong repository of permission-role and user-role assignments is key to ensuring that the RBAC process lives on and remains effective despite changes within the organization. - Focus on permission and role engineering.
Managing identity and access starts with identifying and classifying what requires access, taking into account where it exists and identifying who needs access to it. This first process is termed permission engineering. The latter part is termed role engineering. While not covered in this research, it will be explored in future iterations. - The primary goal should be to minimize privilege creep.
RBAC improves the efficiency of managing IAM by reducing the amount of privilege creep that exists among the users of the organization. When roles are designed, the principle of least privilege is employed, and therefore users are granted only the roles, and consequently permissions, required to do their job.
Impact and Result
- Our research will lay the groundwork for establishing a centralized, effective, and efficient system for managing identity and access. We will help organizations take back control of their IAM environment by creating and implementing a RBAC model.
- Working with the tools associated with this research will help create a repeatable, simplified auditing process and minimize the amount of entitlement sprawl.
- This research will educate readers on selecting and implementing IAM vendors and will assist in producing vendor RFPs and shortlisting vendors to help ensure that selected vendor solutions offer capabilities required by the organization (e.g. multi-factor authentication) based on business goals, compliance, and other gaps, and will offer integration functionality with the different cloud vendors (e.g. SaaS) used by the organization.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.7/10
Overall Impact
$2,469
Average $ Saved
6
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Lee County Clerk of Courts
Guided Implementation
10/10
N/A
10
Carlos was very knowledgeable. He provided valuable insights and documentation that will certainly save us time on our IAM project.
Canopy Growth
Guided Implementation
10/10
N/A
N/A
Carlos clearly understood the complex issues we face and offered some great advice and suggestions on where to start, with potential tools that mig... Read More
Guidehouse LLP
Guided Implementation
9/10
$2,469
1
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Need Extra Help?
Speak With An Analyst
Get the help you need in this 4-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.
Guided Implementation 1: Audit and classify existing data
- Call 1: Establish a data classification scheme and apply it to application functions.
Guided Implementation 2: Implement a risk- and role-based access control model
- Call 1: Build role hierarchy.
- Call 2: Establish separation of duties constraints.
- Call 3: Define metrics.
Guided Implementation 3: Create an RBAC maintenance plan
- Call 1: Create a maintenance plan for the RBAC process.
Guided Implementation 4: Consider an IAM vendor
- Call 1: Discuss vendor options.
- Call 2: Create an implementation plan for acquiring or changing an IAM solution.
Contributors
- Kassim Dossa, Director of Procurement and IT, AgeCare Investments Ltd.
- Mike Layton, Director – Enterprise Services & Information Systems, Baylor College of Medicine
- Jon Cutler, Chief Information Security Officer, Marshall University
- 5 anonymous contributors
Assess and Govern Identity Security
Mature Your Identity and Access Management Program
Simplify Identity and Access Management
Passwordless Authentication