For years, security and business managers have known that identity and access management (IAM) must be driven by business requirements. After all, business managers know best “who should have access to what”. Business-Driven Identity and Access Management is our topic of the month
For years, security and business managers have known that identity and access management (IAM) must be
But all too often, IAM processes don’t reflect this “business context”. These processes lack support for a business view of access which reflects the fine-grained entitlements that determine specifically which actions users may take within applications. In addition, traditional IAM systems have consistently been prohibitively expensive to deploy and operate, limiting their breadth of coverage and effectiveness.
This business context is the sum total of everything an organization knows about its users, their job responsibilities, and the information, applications and entitlements they need. While some context is contained within IT-managed systems (such as directories and HR applications), additional context is also held by the managers who supervise users or by the owners of business functions, applications and data, not by the IT or security staff.
Organizations cannot afford to spend any more than they must on identity and access management. Nor can they afford the regulatory, legal or intellectual property risks of not properly managing identity and access
