In the first installment of this series, I emphasized the importance of approaching enterprise identity management with a plan in place to centralize policy and process, as well as steps to getting started. For smaller organizations, those recommendations may be enough.
Large organizations, however, should establish an Identity Governance Program Management Office to drive the implementation roadmap, select common toolsets and consistently meet federal audit requirements.
It’s tempting to assign identity governance implementation to security teams, the help desk or application owners. Each of those groups have a vested interest in its success. However, those three groups are stakeholders of a larger, more complex solution. Each has its own set of goals, whereas a multi-faceted PMO can provide architectural and project-planning and execution capabilities.
For example, there are a wide variety of tools available to help move your organization closer to a robust identity governance solution play a key role in success. You may even have some of the tools in place today, such as ticketing systems, log mining and robotics, that you need in order to start implementing automated workflow and account provisioning. They also enable a more robust audit trail.
Any one stakeholder or group can implement identity management to their specifications. However, implementing one consistent solution for all applications to follow requires a central vision, and the authority to enforce that vision. An Identity Governance PMO can deliver that consistency, preventing duplication of effort or system isolation.
In the second stage of the project, expect to:
- Establish a central identity authority database synchronized with available sources to track accounts
- Automate account provisioning and deactivation based on process triggers
- Support and enforce onboarding procedures for new systems
- Create audit and enforcement mechanisms through log mining
- Develop dashboards and consistent audit reporting and alerts across applications
- Implement a Privileged Access Management system for administrator accounts
Eventually, this effort can evolve into a third stage of maturity, in which a well-coordinated centralized identity management system provides:
- Improved dashboards allowing easier access to data and analytics
- Consistent audit reports across applications
- Applications using the central identity authority as definitive source
- Integration with asset management solutions to track equipment and other physical assets assigned to users
Identity management is a challenge, especially in a larger federal department or agency where hundreds or thousands of users need access to multiple systems and networks. Enterprise identity governance addresses the risks in a centralized, consistent manner that leads to consistent data analysis, easy auditability and accurate user management.