Unreliable Deactivation - Hitachi ID Identity Manager
In many organizations, user access to systems and applications
remains long after the users themselves have gone. These orphan
and dormant login accounts pose a serious security threat,
since they can be compromised without anyone noticing.
- Identity Manager can automatically terminate user access to systems,
triggered by changes to user status on a system of record,
such as HR.
- Identity Manager can identify orphan and dormant accounts --
orphan in the sense that they have no known owner, and dormant
in the sense that nobody has signed into them for some time.
Such accounts are subjected to extra review and removed if
they are truly not needed.
Using Identity Manager, organizations can make access deactivation
processes fast, reliable and complete -- exactly what manual
processes are not.
- Slow Onboarding:
It can take too long to create login IDs for newly hired or reassigned users.
- Costly Security Administration:
Processes to manage users and entitlements are costly and time-consuming.
- Unreliable Deactivation:
Access deactivation can be slow, unreliable or incomplete.
- Policy Violations:
Manual security administration leads to users whose access profiles violate corporate policies regarding appropriate access or segregation of duties.
- Auditing User Entitlements:
Auditing user entitlements that span multiple systems.
- Ambiguous User Access Requests:
Users understand files and folders, but not groups and ACLs. This makes change requests hard to interpret and both costly and time-consuming to fulfill.
- No History for Security Rights:
When security entitlements are granted or revoked using native administration tools, there is no audit trail to show who made the change, when or for what reason.