The average person regularly uses passwords to 27 systems. Within an organisation, they also change roles multiple times while abandoning applications they no longer need. Sometimes they leave and there may be some accounts not disabled. Before long, an organisation has lost visibility of the access they are granting, and the ‘principle of least privilege’ is a distant dream.
Identity Management software can go a long way to solving this issue. Integrating single and same sign-on across multiple applications and systems can simplify providing and retiring access when an employee starts, moves roles, or leaves the organisation. Just taking care of Identity management will make your IT department’s role easier and will improve your employee’s experience while increasing security.
For organisations with higher security, more granular controls may be appropriate. This is where the Access management and the Identity Governance parts become relevant.
While identity management confirms to applications that an authorised person is logging in, access management, controls what that identity is permitted to do. For example, a sales person, when identified, is permitted to log into the company CRM but are they permitted to access their own customer’s information or should they be permitted to access every customer’s information? Are they permitted to access a single record at a time, or access the entire database in one go?
This is where, policy based decisions require Identity Governance. Content Security can help your business information owners understand the risks providing access to an application and the risks providing privileges within that application. We can also guide you on employee fraud and how to use identity and access management systems to prevent and detect it.
Chances are you have unused active accounts as well as privilege creep with active employees. If so, we can perform initial discovery audits to help you understand the magnitude of the problem. We can also provide consulting on what type of identity and access management system is right for you.
Our team are seasoned, experienced and business-minded security consultants with an average of 10 years experience across state and local government, health, finance, education, nonprofit organisations and more.