Improving Government Agency Security With Identity and Access Management
 
                                                                    The recent news about the IRS systems being breached, and more than 100,000 taxpayer’s data potentially put at risk, underscores the dangers of public facing systems being compromised by individual hackers or organized groups looking to make a dollar or simply wreak havoc. While there need to be improvements in the security of public facing websites, one of the often overlooked dangers of improper data access can often originate within the organization itself.
In the often overworked IT departments at local, state and federal agencies, the processes of creating, maintaining and disabling user accounts is usually a manual, paper-based process and frequently takes a back seat to more pressing tasks. The result can be user accounts created with improper access rights, usually done by copying an existing user’s permissions, employees whose job or department has changed being left with legacy access or even terminated employees accounts being left active.
From Authentify to RSA, Solutions Review rounds up the top 24 Identity and Access Management solutions in the 2015 IAM Solutions Buyer’s Guide. Download your free copy today!
So what’s a busy IT staff to do? With budget and staff cuts happening everywhere, a low-cost and easy-to-implement solution is paramount to ensure user accounts are created and maintained properly and accurately.
Commercial solutions are readily available that can tackle this type of problem utilizing a couple of different approaches. One approach is to automate the process by linking an identity and access management solution (IAM) with the agency’s HR software. Every time a user is hired, has a job change or is terminated, their accounts are appropriately managed according to a defined set of rules. These rules can include: where in the directory they should be placed, what mailbox quotas are applied and role based – title department, location, etc. — access and application rights the individual should have, and much more. Further, upon termination, access should be immediately revoked and emails automatically forwarded to a manager.
The second approach involves a workflow system that delegates management of the user accounts from the IT department out to hiring managers or even the employees themselves. When a manager hires a new employee, they input basic information such as name, department and title into a web form. Drop downs can be used in the form to ensure the accuracy of the requisite information and to ease the data entry process. This basic information is then sent via a workflow process to other individuals responsible for entering other information as well as an approval. After the final approvals have been granted, the IT department has an opportunity to review and then automatically commit the changes to the network.
A second phase of this workflow drives responsibility for updates and change requests to the employees themselves. If they need access to a different share or application, they can request it via a web form where upon completion, it is routed to the appropriate individuals for approval and commitment to the network. This workflow process can easily be expanded to include non-network related assets as well. Requests for items like cell phones, new computers, and other resources can easily be implemented as part of a workflow approval process.
In today’s age, it is very important to remember that security attacks and compromised data can happen from within, as well as from the outside.
Dean Wiech is managing director of Tools4ever US, a division of the global provider of identity and access management solutions. Tools4ever was recently awarded an Information Technology Schedule 70 contract by the U.S. General Services Administration (GSA). The solutions can be located through contract # GS-35F-232CA.


 
                                                                                                                     
                                                                                                                     
                                                                                                                    



 
                                                                                                             
                                                                                                             
                                                                                                             
                                                                                                             
                                                                                                             
                                                                                                             
                                                                                                             
                                                                                                            