Subscribe

Simple identity management is not enough

By Ilva Pieterse, ITWeb contributor
Johannesburg, 09 Apr 2008

The ever-increasing intricacies within the enterprise bring many challenges to effective identity and access management, including security risks.

"With the ever-increasing complexity of the enterprise, the challenge of effective identity and access management using the individual approach becomes insurmountable," explains Duncan Fisken, CA VP of EMEA security business development.

He says it is too cumbersome and complex for either a manual or even an automated approach to be used. "Adoption of a role-based or entitlement-centric approach to identity management facilitates automation, and therefore simplification and cost reduction."

<B>Security Summit 2008</B>

More information about the ITWeb Security Summit 2008, which takes place from 6 to 8 May at Vodaworld, Midrand, is available online here.

Fisken explains "entitlement" is a way of describing the complete set of resources, whether virtual, logical or physical, and associated access rights that an individual should have based not upon who they are, but on their job or position within the organisation.

"Thinking of identity and access management in the context of the job, or role within the organisation, greatly simplifies enterprise wide-identity management," he says.

According to Iniel Dreyer, security advisor at JD Group, identity lifecycle management (ILM) is another way to greatly simplify identity management within the organisation.

"ILM provides a solution for managing the lifecycle of user identities and associated credentials. It is the 'glue' that enables disparate systems to share identity information with each other in an efficient and automated fashion."

Dreyer states that ILM also assists in reducing high costs and risks associated with manual provisioning and de-provisioning of user identities. "ILM increases operational efficiency by allowing system administrators to maintain user identities from a central point."

However, new systems are not without new challenges, and Dreyer believes these lie in understanding the business needs and aligning it with technology. "ILM projects, like most other technologies, will fail if not properly aligned with business."

Related stories:
 Cyber-crime on the increase everywhere
Complex malware needs stricter security
Security Summit 2008 excites

Share