Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management

    How to Engage Business Managers in Identity Management Compliance and Security Processes

    By
    Mark McClain
    -
    October 11, 2010
    Share
    Facebook
    Twitter
    Linkedin

      Global corporations have recently begun to recognize that identity management is very much a business process that underpins compliance and security efforts. Identity management has always been an extension of core business processes, ensuring that users have the access they need to do their jobs. When users leave the organization, that access is promptly removed.

      In the last decade, however, government regulations have added new security and compliance demands that require companies to demonstrate and prove strong controls over “who has access to what.” This shift has made it all the more imperative that IT organizations work closely with business managers. Because they are the ones who understand the business risks facing the organization, business managers can and should make the appropriate trade-offs between benefits and risks to the organization.

      Many people in technology talk about bridging the gap between business and IT, or more accurately, aligning business and IT. But the reality is that engaging business users in security and compliance processes is no easy task. Addressing this difficulty can help organizations ensure the effectiveness of IT controls in managing risk and reducing corporate liability. To get organizations started in the right direction, the following are three best practices that IT managers can take to ensure that business managers are active and effective participants in identity management processes.

      1. Build a culture of business accountability

      Good identity governance ensures that organizations have full visibility into who has access to each critical application and system-and the risk this represents. The better managers understand the potential risks associated with access privileges, the better the company can mitigate those risks.

      Business managers provide valuable insights into business risk, so a good identity governance program should regularly include review and approval of access privileges by business managers. By establishing a regular, automated process for business managers to review access, you can begin building a culture of accountability. You will be well on your way to ensuring controls that prevent fraud and enforce corporate policy.

      Focus on Policy Alignment

      2. Focus on policy alignment

      Business managers understand the risks associated with sensitive applications based on asset value, privacy requirements or potential for fraud or misuse. Because of this, they are the ones best equipped to define the control objectives needed to mitigate business risk. At the same time, the IT organization is ultimately responsible for ensuring that access configurations (who can access programs, tables, documents, etc.) conform to those business policies.

      Both sides must be involved in order to achieve policy alignment at the implementation level (that is, not just captured in binders that sit on a shelf). Business-friendly tools that allow business managers to understand how policy is implemented and that highlight when policy violations are detected can help ensure that IT controls properly reflect compliance policy.

      3. Make transparency a priority

      The final step to engaging business managers is perhaps the most important one. The organization must take steps to ensure the required level of transparency into the organization’s identity data-in a way that is easily understood by business users. It’s simply not practical to expect business managers to be able to interpret cryptic access privileges as they natively occur in directories, operating systems, applications and databases (and then make any meaningful decision about these privileges). To ensure good decisions and effective oversight, business managers require business-oriented user interfaces, glossaries and help facilities that turn IT data into business intelligence.

      Todays Identity Management Tools

      Today’s identity management tools

      I’d be remiss if I did not suggest that today’s next-generation identity management solutions can help facilitate this collaboration across IT and business lines. Like BI tools, they aggregate and correlate identity and access data across applications, databases, systems and directories to create a single authoritative view of “who has access to what.”

      They then transform that disparate technical identity data into consistent, business-relevant information. This gives business managers the information and metrics they need to strengthen internal controls, improve auditability and reduce risk. Finally, identity management tools provide business-friendly UIs that are designed to be used collaboratively by both business and IT users.

      When organizations deploy the right identity management tools in accordance with the three best practices outlined earlier-building an accountability culture, aligning policy and providing full IT transparency-they can successfully engage business managers in a traditionally IT-centric process. Having business managers participate in identity management processes leads to more accurate compliance and security efforts and, ultimately, a better risk posture for the organization.

      Mark McClain is founder and CEO of SailPoint. Mark drives the vision and overall business strategy for SailPoint. Previously, Mark was founder and president of Waveset, where he helped establish the company’s industry-leading position in the identity management space, including 250 percent revenue growth year over year for three years. Following the acquisition of Waveset by Sun Microsystems, Mark served as vice president of marketing for Sun software. Mark also has diverse experience in international sales and marketing with Hewlett-Packard, IBM and Tivoli Systems. He can be reached at [email protected].

      Avatar
      Mark McClain
      Mark McClain is founder and CEO of SailPoint. Mark drives the vision and overall business strategy for SailPoint. Previously, Mark was founder and president of Waveset, where he helped establish the company's industry-leading position in the identity management space, including 250 percent revenue growth year over year for three years. Following the acquisition of Waveset by Sun Microsystems, Mark served as vice president of marketing for Sun software. Mark also has diverse experience in international sales and marketing with Hewlett-Packard, IBM and Tivoli Systems. He can be reached at [email protected]

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×