In my last post, I introduced four steps you can take to limit vendor risk. In this month’s post, we’ll take a slightly deeper dive into step 1: properly granting and removing access.
Access to systems must be controlled and granted only with proper approvals. If you follow the steps below, you can easily maintain proper user access to systems.
- Onboard – Access to systems should be approved by both the business owner and the IT owner before it is granted.
- Manage – An access request system should be utilized for requesting and approving access. This will also provide the required documentation for compliance.
- Support – Processes and controls should be in place to ensure new users who have been granted access during the period have received the appropriate approvals.
- Deactivate – A review of terminated users and removal of their access should be performed upon termination.
An Identity and Access Management (IAM) system can be used to accomplish the objectives stated above. There are a number of options available from leading IAM vendors:
- CA Identity Manager
- Dell One Identity Manager
- Oracle Identity Manager
- RSA Via Access
- IBM Security Identity Manager
Simeio Solutions can assist you with the setup and ongoing operational activities for any of these IAM software platforms. Simeio Solutions is vendor agnostic, so we can support any IAM software you may choose. Thanks for reading; I hope you enjoyed this post.
In next month’s post, I’ll discuss Step 2 in the process: identify and control who is accessing your critical information.
Project/Service Delivery Manager