Identity, group and user attestation

All-In-One Identity Management and Cloud Security

Emerging technologies are challenging old paradigms and unveiling new ways of approaching the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.

EmpowerID has embedded innovative technologies in every aspect, providing flexible and mature IAM capabilities in the cloud, on premise and in hybrid environments, addressing the mission-critical need across increasingly heterogeneous technology environments, and meeting increasingly rigorous compliance requirements.

I often think of Gartner's quote on identity and access management: "the right people have access to the right systems at the right time" and think how do you know if they are the right people or the right systems or the right access? We work with organizations with hundreds of thousands of users, does Bob in IT know all of them?

right access to the right resources I'm being facetious of course, there's nobody in IT named Bob usually. But that's where your identity and access management platform comes in. It is busy giving people access to systems and you need to make sure that you are inserting the "right" into that sentence & process.

Having trusted authoritative sources really helps. If you know that HR and other systems know all of the employees, contractors, partners and customers, you can usually cover the "right person" aspect of all of this. But, that isn't always the case, so you have your first attestation option right there to solve the "right people" issue.

There will be a departmental owner or manager or HR person who can attest periodically that that user is still an active employee. Build a workflow where somebody has to approve the continuing existence of that user account. Not just a network account, but application accounts too. Think of the savings if you periodically have users attest that they still need that cloud application account for which you are paying a monthly fee.

If the account hasn't been used or accessed for a certain period (say, 90 days), bump up the attestation. It's easy to build this into a BPM-based identity workflow. Make more secure application accounts have a higher degree of attestation involving identity proofing or two factor authentication.

So, with that user attestation process you solve the right systems and the right people but what about the right access? Roles and group attestation helps solve this. Have the role or group owner attest to the membership of the group and the group's rights and permissions on a quarterly or yearly basis. Give them the audit reports to show what that role or group can do and who has been doing it.

This should all be built in to the identity workflows that come with your IAM platform, if not, take a look at EmpowerID. Dont' just give access to people, give the right access to the right people.

Tags: Role Based Access Control (RBAC), Group Management, Identity and Access Management (IAM)

All-In-One Identity Management and Cloud Security

Identity, group and user attestation

About EmpowerID

Latest Posts

Posts by category

Subscribe via E-mail