In my last post, I introduced four steps you can take to limit vendor risk. In this month’s post, we’ll take a slightly deeper dive into step 1: properly granting and removing access.
Access to systems must be controlled and granted only with proper approvals. If you follow the steps below, you can easily maintain proper user access to systems.
- Onboard – Access to systems should be approved by both the business and IT owner prior to granting access.
- Manage – An access request system should be utilized for requesting and approving access. This will also provide the required documentation for compliance.
- Support – Processes and controls should be in place to ensure new users who have been granted access during the period have received the appropriate approvals.
- Deactivate – A review of terminated users and removal of their access should be performed upon termination.
An Identity and Access Management (IAM) system can be used to accomplish the objectives stated above. There are a number of options available from leading IAM vendors:
- CA Identity Manager
- Dell One Identity Manager
- Oracle Identity Manager
- RSA Via Access
- IBM Security Identity Manager
Simeio Solutions can assist you with the setup and ongoing operational activities with any of these IAM software platforms. Simeio Solutions is vendor agnostic, and so we can support any IAM software you may chose. Thanks for reading, I hope you have enjoyed.
In next month’s post, I’ll discuss Step 2 in the process: identify and control who is accessing your critical information.
Project/Service Delivery Manager
As Simeio’s Vice President of Product, Abhi is a CyberSecurity leader and product management executive with 10+ years of repeated success in security innovation, helping Fortune 500 companies build industry-leading IT Security capabilities, and grow business value through improved customer engagement with initiatives like digital transformation.
Recognized by industry analysts Gartner for building the world’s most capable Identity as a Service (IDaaS) platform in their 2016 report; Winner of the 2017 Small Business Innovation Challenge in Canada for demonstrating leadership in security innovation for mobile IAM solutions; and member of team that built the market-leading role management product as recognized by Forrester Research & Gartner, by being the first to apply data science principles to CyberSecurity in 2007.