Skip to main content

Costly Security Administration

Business Challenge

Every time a person joins an organization, moves through it or leaves it, business users must fill in forms to request matching changes to the user's security entitlements on corporate systems and applications and IT security administrators must implement those changes.

While individual Add / Edit / Delete requests may be simple, the cost is cumulative:

  • It can be hard for users to figure out what changes they need and how to ask for it.
  • Change requests are often improperly filled in and must be rejected by administrators because they are ambiguous or not adequately authorized.
  • The total number of A/E/D requests can be large, as it is a product of user mobility and the number of systems and applications.

The net result is that security change management is often very expensive.

Hitachi ID Identity Manager Solution
  • Identity Manager can eliminate a significant part of the Add/Edit/Delete workload by monitoring a system of record, such as HR, and automatically changing user access to systems and applications.
  • Identity Manager enables users to fill in change request forms on-line. These forms are validated, calculated fields filled in and requests are sent to suitable business stake-holders to approve. This simplifies request input and eliminates rejected forms.
  • Identity Manager can automatically fulfill approved change requests on widely subscribed systems and applications, eliminating manual effort on the part of system administrators.
  • System administrators can use Identity Manager to get a consolidated view of a user's security entitlements, across systems and applications. A user-centric rather than system-centric view saves time for remaining manual administration.

Using Identity Manager, organizations can eliminate part of the security change management process, move some of it to self-service and expedite what remains.

Read More:

  • Slow Onboarding:
    It can take too long to create login IDs for newly hired or reassigned users.
  • Costly Security Administration:
    Processes to manage users and entitlements are costly and time consuming.
  • Unreliable Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies regarding appropriate access or segregation of duties.
  • Auditing User Entitlements:
    Auditing user entitlements that span multiple systems.
  • Ambiguous User Access Requests:
    Users understand files and folders, but not groups and ACLs. This makes change requests hard to interpret and both costly and time consuming to fulfill.
  • No History for Security Rights:
    When security entitlements are granted or revoked using native administration tools, there is no audit trail to show who made the change, when or for what reason.
page top page top