Dell Whitepaper: 8 Best Identity and Access Management Best Practices

Dell Software has a useful whitepaper out that you should take a look at if you searching for an Identity and Access Management Solution. It features 8 best practices for executing your Identity and Access Management strategy in today’s security threat laden world. Here’s a brief synopsis:

1. Define Your Workforce

This best practice means utilizing the systems within your HR department as much as possible to draw data into your Identity and Access Management system, letting you avoid repetition, errors and other inconsistencies. Another marker of a good IAM set up is if your organization has a “managed front-end,” like a “web-based interface that can be used to verify” and revise data.

2. Define Identities

You will want to establish a single, integrated system to provide end-to-end identity management of your employees. Dell recommends you start by identifying three key subsystems: a primary directory service, such as Active Directory; a messaging system; and a primary enterprise resource planning (ERP) system. Once identified, integrating these systems together into a single Identity and Access Management process can provide your organization with a “quick win.” Dell also recommends that this be the stage where IT takes over responsibility for the identity management lifecycle.

3. Provide Knowledge and Control to Business Owners

Important to answering the question “who has access to what,” IT will need to coordinate the inventory of identities and permissions with business data owners. A web-based front end is recommended for smoothing this process along and ensuring business owners get the information they need.

4. Implement Workflow

Unmanaged change causes problems. A “request and approval” work flow can help you manage document change, and thus avoid problems. Web-based self-service user-interfaces are recommended for the role of user resource requests, with data owners allowed to directly respond, removing IT’s role from the decision-making process.

5. Automate Provisioning

Provisioning tasks can be very time consuming, so automating them can not only prevent mistakes but also save your employees and organization time better spent on other projects. Dell recommends starting by prioritizing your email, ERP and databases, as provisioning requires access into these systems more frequently. Additionally, start by automating basic tasks, such as “change/add/delete,” and then move on to more complex activities, such as unlocking accounts.

6. Become Compliant

This means leveraging your IAM strategy to keep yourself compliant with any regulations that apply to your industry or organizational type. Dell has a series of specific steps to take for this best practice:

You’ll need to focus on clearly defining and documenting the job roles that have control over your data, as well as the job roles that should have access to auditing information. Define compliance rules step by step, and assign each step to a responsible job role. Integrate rule checking in your identity management system and workflow operations to help automate remediation of incorrect actions; this will help improve consistency and security as well as compliance.

7. Check and Recheck

Too many organizations assign a permission when it’s needed and then never look at it again. This practice invites security breaches as people leave the company or move to different sections. Instead, establish periodic reviews or re-certifications of permissions to make sure that no person or identity has access to systems that they shouldn’t.

8. Manage Roles

Permissions should be assigned to job roles and not people, according to Dell. Taking the time to set up within your system job roles that closely match what goes on within your company can save you much in the way of time and headaches down the road. Establishing user self-service interfaces to directly request roles and their attached permissions from role owners can take IT out of the process entirely and increase responsiveness.

Dell’s particular solution for Identity and Access Management is the Quest One Identity Manager, which Solutions Review considers one of the top IAM providers out there. For more information on this and other top IAM solutions, take a look at our Buyers Guide.

For the Dell whitepaper, click here.