Hitachi ID Identity Manager Business Case
Creating, maintaining and deleting login IDs for a large user population on multiple systems is complex. This complexity produces user service, security and cost problems:
New hires that join an organization may wait a long time for system access. Employees who change roles may likewise wait for new access. In both cases, the organization loses staff productivity while user provisioning processes lag.
High staff mobility or a large number of target systems lead to a large number of add / change / delete actions on login IDs. Approving and implementing these changes requires numerous IT support and security administration staff.
When people leave an organization, their systems access frequently persists -- for a long time or indefinitely. Orphan accounts represent a significant security risk and in some cases contribute needlessly to software license costs.
Other security problems that arise due to complex multi-system administration include users with excess or inappropriate privileges, weak or un-enforced password policies, violations of segregation of duties rules and improper approvals for security changes.
Hitachi ID Identity Manager Benefits: Security, internal controls and regulatory compliance
Identity Manager strengthens security by:
- Quickly and reliably removing access to all systems and applications when users leave an organization.
- Finding and helping to clean up orphan and dormant accounts.
- Assigning standardized access rights, using roles and rules, to new and transitioned users.
- Enforcing policy regarding segregation of duties and identifying users who are already in violation.
- Ensuring that changes to user entitlements are always authorized before they are completed.
- Asking business stake-holders to periodically review user entitlements and either certify or remove them, as appropriate.
- Reducing the number and scope of administrator-level accounts needed to manage user access to systems and applications.
- Providing readily accessible audit data regarding current and historical security entitlements, including who requested and approved every change.
Identity Manager Benefits: Cost savings
Identity Manager reduces the cost of managing users and security entitlements:
- Auto-provisioning and auto-deactivation leverage data feeds from HR systems to eliminate routine, manual user setup and tear-down.
- Self-service eliminates IT involvement in simple updates to user names, phone numbers and addresses.
- Delegated administration moves the responsibility for requesting and approving common changes, such as for new application or folder access, to business users.
- Identity synchronization means that corrections to user information can be made just once, on an authoritative system and are then automatically copied to other applications.
- Built-in reports make it easier to answer audit questions, such as "who had access to this system on this date?" or "who authorized this user to have this entitlement?"