INFORMATION TECHNOLOGY end user organisation, the Corporate IT Forum (TiF) released today an identity management guide which outlines the best practice for keeping an eagle eye on who’s accessing what, when and how on the corporate Interwibble.
The guide, IDM, Development, Implementation and Management, is designed as a ‘how to’ manual on identity management (IDM) and has been written by and for members who wish to address the issue from a more practical angle.
The aim is also for the guide to be an ongoing programme of work rather than an isolated project: it will be added to as and when new issues arise.
The guide was put together by seven different organisations while a further 20 reviewed it over an 18 month period, adding their own good practice tips, experiences and challenges faced when confronting identity crisis.
According to the input from these organisations, people should take a rather formal approach to identity management, working through a series of questions in steps: asking for the user’s identity, inquiring after the user’s business and asking what data is requested.
This kind of questioning should lead to a Lightweight Directory Access Protocol (LDAP) directory which then directs the user through the system, allowing them to access only what they have the privileges for.
This will allow instant as well as remote access without having to worry about security. The new system will also mean users only have to log in once.
Although this is all quite nifty, the guide does advise further precautions, such as having some important management decisions made by a human rather than an automated system, to stop access being granted to certain areas by accident.
The report outlines the three main advantages of following its protocol as reducing the risk of inevitable human error, saving both money and time, and easing staff’s access to company systems, both at work and from home.
Ollie Ross, head of research at The Corporate IT Forum, said, "Our members developed this work because they wanted a practical ‘how-to’ guide on the challenge of identity management, based on the real-world experiences of IT practitioners working today in large businesses."
Ross goes on to say that the guide is both for IT practitioners considering identity management and for those who have already started their journey towards IDM.
The Corporate IT Forum hopes that this will be a great help to organisations, as it offers more practical instruction on IDM than the previously available theoretical and academic routes, which have clearly not been that useful.
"We hope it will act as an important sense check for IT practitioners," added Ross, "and give those already implementing IDM the confidence to continue forward."
Protecting sensitive corporate and customer data means more than just having a good password policy.
The TK Maxx/TJ Maxx data loss in 2007 and the Cotton Traders data loss in 2008, and now the Heartland Payment Systems loss all illustrate how weak network access controls ultimately lead to sensitive customer data being compromised.
Networks – both wired and wireless – must be as secure as current technology allows and inactive ‘zombie’ users should have their IT access deactivated, to avoid disgruntled former workers accessing systems, as well as reducing the number of entry points a criminal could use to gain access to back-office systems.
In addition, limiting user access to just the applications and repositories they actually need is an important tool to combat unauthorised and malicious data access. By limiting user access privileges, a compromised login will pose less of a threat to the business and limit the damage to mission-critical systems.
Stuart Hodkinson, UK general manager for Courion (http://www.courion.com)
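As an added illustration of the steps the guide describes (establish who the user is, what their business is and what data they are asking for, let the directory grant only what they are entitled to, and keep a human in the loop for sensitive areas), together with Hodkinson's points about deactivating inactive accounts and limiting privileges, here is a small Python model of an access decision. It is not code from the Corporate IT Forum guide or from Courion; the directory entries, resource names, groups, the 90-day inactivity limit and the reference date are all constructed for the example, and the in-memory User records stand in for what a real LDAP directory would hold.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical model of the directory entries an LDAP store would hold:
# who the user is (uid), what their business is (department, groups),
# whether the account is still live, and when it last authenticated.
@dataclass(frozen=True)
class User:
    uid: str
    department: str
    groups: frozenset
    enabled: bool
    last_login: datetime

# Constructed entitlement policy: each resource names the groups allowed to use it.
# Anything not listed is denied by default.
POLICY = {
    "wiki": {"all-staff"},
    "crm": {"sales", "support"},
    "hr-payroll": {"hr-staff"},
    "finance-ledger": {"finance"},
}

# Sensitive resources where the guide's advice applies: a human signs off,
# the automated system alone never grants access.
MANUAL_APPROVAL = {"hr-payroll", "finance-ledger"}

# Accounts silent for longer than this are treated as 'zombie' users (constructed limit).
INACTIVITY_LIMIT = timedelta(days=90)

# Constructed reference time and sample directory (not real accounts).
NOW = datetime(2009, 2, 1, tzinfo=timezone.utc)
ALICE = User("alice", "HR", frozenset({"hr-staff", "all-staff"}), True, NOW - timedelta(days=3))
BOB = User("bob", "Sales", frozenset({"sales", "all-staff"}), True, NOW - timedelta(days=200))
CAROL = User("carol", "Finance", frozenset({"finance", "all-staff"}), False, NOW - timedelta(days=10))
USERS = [ALICE, BOB, CAROL]


def is_stale(user: User, now: datetime) -> bool:
    """True when the account has not logged in within INACTIVITY_LIMIT."""
    return now - user.last_login > INACTIVITY_LIMIT


def decide(user: User, resource: str, now: datetime, approved_by: Optional[str] = None):
    """Walk the checks in order and return (decision, reason).

    decision is one of "allow", "deny" or "pending"; reason records which
    check produced it so the outcome can be logged and audited.
    """
    # Step 1: is this identity one we still trust at all?
    if not user.enabled:
        return "deny", f"{user.uid}: account disabled"
    if is_stale(user, now):
        return "deny", f"{user.uid}: inactive for more than {INACTIVITY_LIMIT.days} days, deactivate"
    # Step 2: is the requested data something the policy knows about?
    allowed = POLICY.get(resource)
    if allowed is None:
        return "deny", f"{resource}: unknown resource, default deny"
    # Step 3: does the user's business (group membership) entitle them to it?
    if not user.groups & allowed:
        return "deny", f"{user.uid}: no entitlement to {resource}"
    # Step 4: sensitive areas still need a human decision, not just the directory.
    if resource in MANUAL_APPROVAL and approved_by is None:
        return "pending", f"{resource}: requires manual approval"
    suffix = f" approved by {approved_by}" if approved_by else ""
    return "allow", f"{user.uid} -> {resource}{suffix}"


def stale_accounts(users, now: datetime):
    """List enabled accounts that should be deactivated as inactive."""
    return sorted(u.uid for u in users if u.enabled and is_stale(u, now))


if __name__ == "__main__":
    for user, resource in [(ALICE, "wiki"), (ALICE, "crm"), (ALICE, "hr-payroll"),
                           (BOB, "crm"), (CAROL, "finance-ledger")]:
        print(decide(user, resource, NOW))
    print(decide(ALICE, "hr-payroll", NOW, approved_by="hr-manager"))
    print("deactivate:", stale_accounts(USERS, NOW))
```

The order of the checks is the point: account status and staleness are tested before any entitlement lookup, unknown resources fall through to a default deny, and a group match on a sensitive resource yields "pending" rather than "allow" until a named approver is recorded, which is the human decision the guide asks for.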