Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management

    How to Engage Business Managers in Identity Management Compliance and Security Processes

    By
    Mark McClain
    -
    October 11, 2010
    Share
    Facebook
    Twitter
    Linkedin

      Global corporations have recently begun to recognize that identity management is very much a business process that underpins compliance and security efforts. Identity management has always been an extension of core business processes, ensuring that users have the access they need to do their jobs. When users leave the organization, that access is promptly removed.

      In the last decade, however, government regulations have added new security and compliance demands that require companies to demonstrate and prove strong controls over “who has access to what.” This shift has made it all the more imperative that IT organizations work closely with business managers. Because they are the ones who understand the business risks facing the organization, business managers can and should make the appropriate trade-offs between benefits and risks to the organization.

      Many people in technology talk about bridging the gap between business and IT, or more accurately, aligning business and IT. But the reality is that engaging business users in security and compliance processes is no easy task. Addressing this difficulty can help organizations ensure the effectiveness of IT controls in managing risk and reducing corporate liability. To get organizations started in the right direction, the following are three best practices that IT managers can take to ensure that business managers are active and effective participants in identity management processes.

      1. Build a culture of business accountability

      Good identity governance ensures that organizations have full visibility into who has access to each critical application and system-and the risk this represents. The better managers understand the potential risks associated with access privileges, the better the company can mitigate those risks.

      Business managers provide valuable insights into business risk, so a good identity governance program should regularly include review and approval of access privileges by business managers. By establishing a regular, automated process for business managers to review access, you can begin building a culture of accountability. You will be well on your way to ensuring controls that prevent fraud and enforce corporate policy.

      Focus on Policy Alignment

      2. Focus on policy alignment

      Business managers understand the risks associated with sensitive applications based on asset value, privacy requirements or potential for fraud or misuse. Because of this, they are the ones best equipped to define the control objectives needed to mitigate business risk. At the same time, the IT organization is ultimately responsible for ensuring that access configurations (who can access programs, tables, documents, etc.) conform to those business policies.

      Both sides must be involved in order to achieve policy alignment at the implementation level (that is, not just captured in binders that sit on a shelf). Business-friendly tools that allow business managers to understand how policy is implemented and that highlight when policy violations are detected can help ensure that IT controls properly reflect compliance policy.

      3. Make transparency a priority

      The final step to engaging business managers is perhaps the most important one. The organization must take steps to ensure the required level of transparency into the organization’s identity data-in a way that is easily understood by business users. It’s simply not practical to expect business managers to be able to interpret cryptic access privileges as they natively occur in directories, operating systems, applications and databases (and then make any meaningful decision about these privileges). To ensure good decisions and effective oversight, business managers require business-oriented user interfaces, glossaries and help facilities that turn IT data into business intelligence.

      Todays Identity Management Tools

      Today’s identity management tools

      I’d be remiss if I did not suggest that today’s next-generation identity management solutions can help facilitate this collaboration across IT and business lines. Like BI tools, they aggregate and correlate identity and access data across applications, databases, systems and directories to create a single authoritative view of “who has access to what.”

      They then transform that disparate technical identity data into consistent, business-relevant information. This gives business managers the information and metrics they need to strengthen internal controls, improve auditability and reduce risk. Finally, identity management tools provide business-friendly UIs that are designed to be used collaboratively by both business and IT users.

      When organizations deploy the right identity management tools in accordance with the three best practices outlined earlier-building an accountability culture, aligning policy and providing full IT transparency-they can successfully engage business managers in a traditionally IT-centric process. Having business managers participate in identity management processes leads to more accurate compliance and security efforts and, ultimately, a better risk posture for the organization.

      Mark McClain is founder and CEO of SailPoint. Mark drives the vision and overall business strategy for SailPoint. Previously, Mark was founder and president of Waveset, where he helped establish the company’s industry-leading position in the identity management space, including 250 percent revenue growth year over year for three years. Following the acquisition of Waveset by Sun Microsystems, Mark served as vice president of marketing for Sun software. Mark also has diverse experience in international sales and marketing with Hewlett-Packard, IBM and Tivoli Systems. He can be reached at [email protected].

      Mark McClain
      Mark McClain is founder and CEO of SailPoint. Mark drives the vision and overall business strategy for SailPoint. Previously, Mark was founder and president of Waveset, where he helped establish the company's industry-leading position in the identity management space, including 250 percent revenue growth year over year for three years. Following the acquisition of Waveset by Sun Microsystems, Mark served as vice president of marketing for Sun software. Mark also has diverse experience in international sales and marketing with Hewlett-Packard, IBM and Tivoli Systems. He can be reached at [email protected]

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×