Q

Access control management strategy essentials

In our expert Q&A, Joel Dubin reviews essential components of an access management strategy and reveals how to deliver the plan to executives.

What is a good identity and access management control strategy, and how do I deliver it to executive management?
Without knowing details about your organization and its needs, it's tough to answer your question specifically. But, generally speaking, there are some common components that any access management control strategy should have. They include:

A thorough analysis of your user base. How many users do you have? How are they segmented? Are they segmented by

department or function? And, finally, what are their access needs?

An analysis of your technical infrastructure. Are you a Windows shop running .NET or a Unix shop running Java? This will make a difference in the selection of an access management system. Both management and the non-technical executives will be more interested in something that's compatible with your current IT plumbing rather than something that needs to be fitted to another platform.

An identity and access management control strategy that is functional and cost-effective. Executive management isn't interested in fancy technology, or how cool it is. They're interested in cold hard cash and want to make sure that your security implementations won't trash the bottom line in next year's budget.

Besides compatibility with your existing systems, a cost analysis of the proposed strategy needs to be done. These days, everybody's favorite phrase is "return on investment," or ROI. Access management plans, like most information security projects, do not generate direct revenue, making it difficult to measure the success of a given security program.

Finally, a good way to please your executives is to produce figures that show how the system might save the company money. For example, if you can document the potential decrease of help desk calls under a new access management system, you could demonstrate a hard dollar figure for cost savings. The most frequent calls to help desks are for password resets, and that's a number that can be quantified based on the cost of your help desk employees and the time they take to handle password issues.

More information:

  • Visit our resource center and learn how to improve Web access control in your enterprise.
  • Learn the components of an ASMS.
  • This was first published in December 2006

    Dig deeper on Web Authentication and Access Control

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close