Applying Identity Management For Your Digital Transformation Journey

A strategy for MSPs and Service Desk teams

ace change, modernize their IT infrastructure, and allow formation journey from ents, and users all view ork. According to a study from gy and improve how they can mline operations and r employees’ ability to adapt to new s of what SaaS, cloud, or new ed throughout their workday. Efficient blishing an overriding strategy that includes managing risks, meeting compliance goals and business objectives, improving security and productivity, and controlling and aging dentity Management processes. ying Identity Management best practice principles and leveraging a should be part of your first steps on this (your) journey.

Foreword
The Identity Management Strategy
Preparing your Organization for the Journey
Applying Identity Management for your Digital Transformation Journey
Identity Provisioning
Onboarding and Offboarding
Authentication and Authorization
User Entitlement - Access
Identity Provisioning Checklist
Identity Management
Request and Approval Process
Access Provisioning and De-provisioning
Rule Enforcement
Identity Management Checklist
Identity Governance
Logging, Reporting and Auditing
Access Review and Verification
Account Reconciliation
Error and Exception Handling
Identity Governance Checklist
Summary
Acknowledgments and References

strategy includes ten elements:
1. Onboarding and offboarding
2. Authentication and authorization
3. Us d “need to know”
4. Request and approval processes
5. Access provisioning and deprovisioning
6. Rule enforcement
7. Logging, reporting and auditing
8. Access review and certification
9. Account reconciliation
10. Error and Exception Handling

“Begin with the end in mind” – this familiar proverb ild the foundation correctly, and each digital transformation iteration will go smoothly and r new transformative App, SaaS, or Cloud system will maintain its availability, accountability and con nt are the best way to th appointing senior people to ent team should be appointed to design a program rnance.

ge within any organization starts with the implementation port and feedback to educate and arefully evaluate any new system the least amount of customization to integrate with existing or future systems. Business automation should be a lify and streamline the workflow and approval process.

Applying Identity Management for your Digital Transformation Journey

Identity Provisioning Checklist

yer conduct a complete identity inspection right from the start and take the mation, as appropriate, from ssign a unique user ID to every person. Used from ed to. Additional background testing may be required for higher level employees, but the baseline should be processes. Digital Transformation in Short cess must be granted, controlled, and on termination, the system integrity and confidentiality must be preserved.

processes in place to control access to systems and keep the organization information con n is usually achieved by matching the user ID with a unique memorized item ify their identity.

horization is a list of entitlements, usually matched tems should implement consistent rules to establish nimum level of authority within the system ing access to the system s valuable helpdesk call time and reduces the on include implementing an Identity Management system ake control of their own access!

thin the system. Access rights should match the minimum he risk for the organization that information and access can be misused rt To meet security standards, a system Active Directory – to allow the system gh each function.

t be ose con igital Transformation in Short er entitlement should rson. Activity logs should be compiled for ement system is restricted to the minimum required access. System ss is essential to allow ore easily. A centralized tracking system e applications.

ene a Function and a Role within that Function (e.g. Sales Manager, Finance ach task or entitlement required to perform rger or acquisition, regularly remove system access from roles that show no or infrequent use.

Identity Management Checklist

ead a user’s access to a system to be changed. For example, over a user’s employment life, they are likely to change roles s are upgraded to expand the breadth of user capabilities. Other times, information needs to be reclassified. Think for example about going through an acquisition, onboarding a new client, or implementing pplication Manager or Information Custodian and ensure that all system access requests are reviewed and approved by them.

tions where users' system ay, as long as these changes follow the proper chain of approvals. Access to a business system con eatly beneficial to your organization. By allowing information s.

point of hiring or dismissal as possible. Setting up workflows to automate a provisioning and deprovisioning system monitored/approved by the information custodian aging user self service and system pplications and platforms There are any number of SaaS and on premises applications and Selecting a new ystem must be con formation in Short When selecting any new system ore efficient, and more reliable?

secure directory options that provide the o disabled users in real time. Centralize provisioning or deprovisioning ecting the right directory system rt on account and access provisioning or deprovisioning it record of user access changes or creation comes in handy when you need to know what access needs to tem

entity Management helps enforce user restrictions on the ed from accessing company systems from.

Identity Management Implement Group Policies Active Directory uses Group Policies to apply these types vels of security and access. They may set standards that the Line of Business Application Manager or Information Custodian can adhere to for on in Short An Identity Management system will increase the processes’ consistency by helping ll choose the right system eater control and ing access to its information and assets.

ss within your systems. Ensure your system store them hrough reports and help detects abnormalities.

Exception handling

Identity Governance Checklist

taining a centralized record and account of changes made to users, roles, and group low ss (through roles, task 1. As authority, and group policy). ns to collate and compare information, either through exporting 2. A mea information to a spreadsheet format or a queriable database that can ogs and dispose of them ds Identity Management should include a system e easily accessible and allow for anagement The National Institute of Standards and Technology of this document, it is important to mpanies to follow these logging standards or risk ocument with a larger scope under n addition to being required by specific industries, many ISO 27001 2. I international organizations won’t do m after a 3. Ar prescribed period.

Identity Governance
