Six Keys to Securing Access Control and Identity Systems | eWeek

Six Best Practices for Improving Identity and Access Governance

1088_BestPracticeGovernance
Mar 16, 2018
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


Six Best Practices for Improving Identity and Access Governance

Six Best Practices for Improving Identity and Access Governance

Access control and identity governance policies are two key pillars of enterprise security, providing organizations with approaches to securing important technology assets. Unfortunately, it’s not always easy to properly secure identity and access control, due to organizational complexity. Further compounding the challenge is that cyber-attackers are taking direct aim at access control and identity systems in privilege escalation attacks that can often lead to data breaches. There are multiple things that organizations can do to improve and harden identity and access governance policies. This eWEEK slide show, using information from James Ducharme, vice president of identity products at RSA, shares six best practices to improve identity and access governance.


Understand What Privileged Access Is and Where It Is

Understand What Privileged Access Is and Where It Is

Privileged access is commonly thought of as just root or administrator accounts, but there are other definitions beyond infrastructure access—admin access to applications, accounts used to transfer money or data, and access to sensitive information such as patient records or personal information. Defining privileged access in technical and business terms allows organizations to understand and classify the access that the accounts and identities hold. Providing visibility of where privileged access is and who has it enables organizations to monitor if it changes or is used.


Make Identity Part of the Security Operations Center

Make Identity Part of the Security Operations Center

With understanding and context of privileged access, it is much easier to monitor it and understand when it is being used. Identity context enables an analyst to understand the relationship of an identity’s normal accounts to any privileged access that they may also have.  Thus, accounts that could be used for escalation can be monitored or deactivated. An analyst can also prioritize threats that are detected involving privileged access. 


Advertisement

Integrate With Governance and Life Cycle Processes

Integrate With Governance and Life Cycle Processes

Not all organizations that have deployed privileged identity management technology have put identity governance or life cycle processes around them. This means that identities retain the use of privileged access accumulated over time, so there are more accounts that can be compromised for escalation or can be used if the person becomes disgruntled and decides to act maliciously.


Use Strong Authentication With Privileged Access

Use Strong Authentication With Privileged Access

When using privileged access either directly or through a privileged access management (PAM) technology, typically there is still a need for a user name and password. Whenever a person is about to authenticate with a privileged account, there is a need for at least a second factor to assure that the user is who he says he is. 


Have Clear Business Objectives, Strategies and Metrics

Have Clear Business Objectives, Strategies and Metrics

Companies shouldn’t start an identity project until they have an understanding of what they want to do, the scope of applications they want to cover and the metrics they want to use to measure success.


Don’t Start With an IT Provisioning Focus

Don't Start With an IT Provisioning Focus

Provisioning-focused approaches look to take bad data, maybe clean it up a bit and then develop lots of code to make the data work in a process. However, the data and the processes change and so the code needs to change, resulting in a vicious cycle of pain and expense. Identity governance takes the approach of first gaining visibility of the data, who has what access, how to they get it, then using that to clean and remediate the access to improve control and reduce risk while also getting it ready for provisioning. Automating the provision of access is then a much simpler and effective process that can be easily adapted to changes in the business.
SUMMARY:

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.