Hitachi ID Identity Manager Business Case
Creating, maintaining and deleting login IDs for a
large user population on multiple systems is complex. This complexity
produces user service, security and cost problems:
New hires that join an organization may wait a long time
for system access. Employees who change roles may likewise wait for
new access. In both cases, the organization loses staff productivity
while user provisioning processes lag.
High staff mobility or a large number of target systems lead to a large
number of add / change / delete actions on login IDs. Approving and
implementing these changes requires numerous IT support and
security administration staff.
When people leave an organization, their systems access frequently
persists -- for a long time or indefinitely. Orphan accounts represent
a significant security risk and in some cases contribute needlessly
to software license costs.
Other security problems that arise due to complex multi-system
administration include users with excess or inappropriate privileges,
weak or un-enforced password policies, violations of segregation of duties
rules and improper approvals for security changes.
Hitachi ID Identity Manager Benefits: Security, Internal Controls and Regulatory Compliance
Identity Manager strengthens security by:
- Quickly and reliably removing access to all systems and applications
when users leave an organization.
- Finding and helping to clean up orphan and dormant accounts.
- Assigning standardized access rights, using roles and rules, to
new and transitioned users.
- Enforcing policy regarding segregation of duties and identifying
users who are already in violation.
- Ensuring that changes to user entitlements are always authorized before
they are completed.
- Asking business stake-holders to periodically review user
entitlements and either certify or remove them, as appropriate.
- Reducing the number and scope of administrator-level accounts needed to
manage user access to systems and applications.
- Providing readily accessible audit data regarding current and
historical security entitlements, including who requested and
approved every change.
Identity Manager Benefits: Cost Savings
Identity Manager reduces the cost of managing users and security entitlements:
- Auto-provisioning and auto-deactivation leverage data feeds from
HR systems to eliminate routine, manual user setup and tear-down.
- Self-service eliminates IT involvement in simple updates to user
names, phone numbers and addresses.
- Delegated administration moves the responsibility for requesting
and approving common changes, such as for new application or
folder access, to business users.
- Identity synchronization means that corrections to user information
can be made just once, on an authoritative system and are then
automatically copied to other applications.
- Built-in reports make it easier to answer audit questions, such as
"who had access to this system on this date?" or "who authorized
this user to have this entitlement?"