This article can also be found in the Premium Editorial Download "Information Security magazine: Why business managers are a breed of security professional."
Download it now to read this article plus other related content.
The Final Frontier
This phase includes setting up a test bed, building a prototype, rolling out an early adoption phase and then pushing the project into production.
Though this sounds fairly straightforward, security managers must continue to oversee the deployment to ensure that design and operational goals are met.
An IAM project has no shortage of moving parts, so it's easy to get lost or have some minor problem cascade into a major showstopper. Security managers must keep meticulous records on the implementation process to troubleshoot the inevitable kinks and avoid any future problems.
To ensure progress, security managers must also make training an ongoing process. Users must be taught the mechanics of the IAM, so they will understand the protections, processes and limitations on their access rights. And, business managers must be educated on the need for maintaining IAM integrity. Shortcuts and ad hoc processes and mechanisms will undermine the IAM efficiency and, ultimately, overall security.
Unanticipated security vulnerabilities or process problems will crop up—and security managers must stay on top of them. With a project of this significance, it's better to delay deployment than to roll out systems that frustrate users and don't work.
Overall, patience is a virtue. This project will require time, money and loads of cooperation. Security managers should approach
IAM as politicians—not police officers.
Identity is truly an area where security and business initiatives go hand-in-hand, so savvy security managers can use this critical project as a way to improve security, formalize controls, reduce operating overhead and support business initiatives. This was first published in June 2005
Identity is truly an area where security and business initiatives go hand-in-hand, so savvy security managers can use this critical project as a way to improve security, formalize controls, reduce operating overhead and support business initiatives.
This was first published in June 2005