Monday, May 19, 2014

April Newsletter - Business - Driven Identity and Access Management (IAM)

Vega newsletter is published monthly by Vega BI, and distributed to our partners to facilitate pursuit of a common interest in top-notch technologies.

For years, security and business managers have known that identity and access management (IAM) must be driven by business requirements. After all, business managers know best “who should have access to what”. Business-Driven Identity and Access Management is our topic of the month



Business-Driven Identity and Access Management

For years, security and business managers have known that identity and access management (IAM) must be
driven by business requirements. After all, business managers know best “who should have access to what.”

But all too often, IAM processes don’t reflect this “business context”. These processes lack support for a business view of access which reflects the fine-grained entitlements that determine specifically which actions users may take within applications. In addition, traditional IAM systems have consistently been prohibitively expensive to deploy and operate, limiting their breadth of coverage and effectiveness.

This business context is the sum total of everything an organization knows about its users, their job responsibilities, and the information, applications and entitlements they need. While some context is contained within IT-managed systems (such as directories and HR applications), additional context is also held by the managers who supervise users or by the owners of business functions, applications and data, not by the IT or security staff.

Organizations cannot afford to spend any more than they must on identity and access management. Nor can they afford the regulatory, legal or intellectual property risks of not properly managing identity and access
management. The road to the most efficient and effective identity and access management runs right through the owners of the business processes, applications and data. Using the detailed “business context” about which users require what access and entitlements as the foundation for automated, business driven identity and access management that delivers the maximum business value at the lowest cost.