Gaps in business processes create a variety of scenarios where users have more access rights than is warranted by their relationship with an organization:
- Slow, unreliable or incomplete access deactivation when users leave, for example because of delayed notification to IT or incomplete inventory of what users have access to.
- Users accumulate access rights over time, as they move through different roles in an organization, acquire new rights needed for their new roles but never relinquish old, no-longer-needed ones.
- Violations of segregation-of-duties policy, whereby users have toxic combinations of privileges and are able to bypass internal controls.
- Inconsistently assigned rights, where different people who do the same job are assigned different rights.
- Excessive rights granted, especially when one user's rights are copied to another, because nobody understands exactly what rights are required to perform each job.
- Rights granted without proper approval or without leaving an audit trail, which makes it difficult to enforce other policies or to properly clean up access when users move or leave.
The Hitachi ID Identity Manager solution
Identity Manager strengthens security by:
- Quickly and reliably removing access to all systems and applications when users leave an organization.
- Finding and helping to clean up orphan and dormant accounts.
- Assigning standardized access rights, using roles and rules, to new and transitioned users.
- Enforcing policy regarding segregation of duties and identifying users who are already in violation.
- Ensuring that changes to user entitlements are always authorized before they are completed.
- Inviting business stake-holders to periodically review user entitlements and either certify or remove them, as appropriate.
- Reducing the number and scope of administrator-level accounts needed to manage user access to systems and applications.
- Providing readily accessible audit data regarding current and historical security entitlements, including who requested and approved every change.