Policy Violations

Business Challenge

When user access to systems and applications is managed manually, errors and inconsistencies are inevitable. Administrators may not be aware of pre-existing security entitlements or of all of an organization's policies.

The result of manual administration of users and entitlements is that users often wind up with:

  • Too many entitlements, due to privilege accumulation.
  • Mutually contradictory entitlements, violating segregation of duties policies.
  • Orphan and dormant accounts, which are no longer required.

Each of these policy violations has the potential to be used to compromise the organization's security.

Hitachi ID Identity Manager Solution
  • Identity Manager creates user access using templates and roles, ensuring that access rights are standardized and appropriate.
  • Identity Manager can be used to find and remove orphan and dormant accounts.
  • Identity Manager can check all change requests against a list of segregation of duties policies and prevent changes from triggering violations.

Using Identity Manager, organizations can eliminate most of the policy violations that result from manual security administration.

Read More:

  • Slow Onboarding:
    It can take too long to create login IDs for newly hired or reassigned users.
  • Costly Security Administration:
    Processes to manage users and entitlements are costly and time-consuming.
  • Unreliable Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies regarding appropriate access or segregation of duties.
  • Auditing User Entitlements:
    Auditing user entitlements that span multiple systems.
  • Ambiguous User Access Requests:
    Users understand files and folders, but not groups and ACLs. This makes change requests hard to interpret, and both costly and time-consuming to fulfill.
  • No History for Security Rights:
    When security entitlements are granted or revoked using native administration tools, there is no audit trail to show who made the change, when or for what reason.