Anyone in an organisation who has IT system authorisation poses a security risk to the organisation.
For example, an employee with permission to edit critically classified data poses a higher risk than an employee with permission to edit public data.
Our Identity Manager solution includes various functions to quantify the risk of each company resource. From this value, a risk index is calculated for each employee to whom this corporate resource is assigned. In this way, all employees whose authorisations pose a particular risk to the company can be identified. Rules within the scope of the identity audit can also be assigned a risk index. Every rule violation can increase the security risk. Identity Manager can be used to define rules that ensure compliance with, and monitoring of, legal requirements and that automatically handle rule violations.
Compliance has a special relevance in Identity Manager because legal requirements can be defined and monitored in the form of rules and their violations can be automatically detected by various mechanisms of Identity Manager. In an organisation, the most important compliance rules in Identity Audit for employees are the rules for checking permissions or their combinations with different user accounts.
Organisations have different requirements for regulating internal and external employees' access to company resources. They also need to prove that they comply with legal requirements. Such requirements can be defined as policies. The difference between a rule and a policy is that a rule is a statement that specifies what may and may not be done with data in the system. A policy, on the other hand, is a set of rules.
In the context of identity management, organisations can manage 'corporate policies' to assess the risk associated with the occurrence of a particular condition. For example, a common corporate policy might be: All cost centres are assigned a manager. Another example would be to avoid orphaned accounts: Deactivated employees do not have activated user accounts.
A very handy feature of Identity Manager is that compliance/non-compliance with corporate rules or policies is graphically displayed on a heat map. The heat map in the web portal represents roles and organisations as coloured squares according to a traffic light principle. They are designed to help you quickly visualise and efficiently track particularly conspicuous values within a large amount of data. The size of the rectangles corresponds to the relative size of the role or organisation. For example, the more employees a company's structure has, the larger the rectangle in the view. The heat map not only gives a clear overview of the current data, but also provides another useful function by making a historical comparison with previous data.
Identity Manager enables the management of corporate policies, provided that the relevant data is stored in the system database, and identifies any corporate resources that violate these corporate policies. The system provides scheduled tasks to periodically check compliance with rules and policies, and it provides various reports and statistics with an overview of violated policies.
Some of the risky outcomes in a heat map that you can see in Identity Manager include: Policy Violations, Average Employee Risk Index and Rule Violations.
Identity Manager is much more than an identity management solution!
Susanne Haase is an experienced Identity and Access Management professional and a speaker and keynote speaker at many events. She has been working for more than 20 years in the field of Identity and Access Management, gathering knowledge in implementing and architecting Identity and Access Management solutions for global organisations. Her journey went from consultant in professional services and managing projects to advising prospects as a solution architect. In her current role as presales partner enablement manager, she supports partners and develops and runs the presales partner enablement program in EMEA.