Among IT security initiatives, identity and access management (IAM) is considered to be of high value. But the processes, technologies and policies for managing digital identities and controlling how those identities can be used to access resources are notoriously problematic to implement.
This dilemma has led to the rise of what is called identity governance, which involves the definition and implementation of processes related to identifying businesses that are most critical to the organization.
Here are the ten most common factors for measuring the effectiveness of identity governance.
1. Volume of password resets per month
This is a classic in identity management, and also key to helping organizations measure the effectiveness of their IAM programs. If passwords are not changed regularly, the organization’s policies and password management tools require a closer look.
2. Average number of different logins per user
Another IAM classic and, for many years, a justification for acquiring Single Sign-On (SSO) systems. A typical business user needs to log on multiple times to get access to the various business applications used in their work, and the average number of accounts per user varies from ten to twelve.
The need to remember multiple passwords is a major cause of problems. That is why organizations should strive to bring the average number of accounts per user down to the lowest possible amount. The ability to log on once and gain access to various systems should be the ‘golden dream’ of identity management projects.
3. Number of uncorrelated accounts
These are accounts that have no owner. They occur most often when a change takes place, such as a promotion or a dismissal, and that person’s accounts are not managed properly. Many uncorrelated accounts can lead to unnecessary risk.
4. Number of new accounts provisioned
This number should closely track the number of new employees joining the organization. An effective IAM program should be prepared to welcome new users who need access to systems and applications. If there is a significant discrepancy between the number of provisioned accounts and the total number of new users during a certain period, this imbalance indicates inefficient processes and poor identity data.
5. Average time required to provision a user
This shows how long a new user has to wait to access the resources they need to do their job. It has implicit ramifications for productivity and return on investment (ROI). This metric can signal a business process that needs to be reviewed and possibly adjusted.
6. Average time required to authorize a change
This metric can provide insights into the efficiency of an organization’s approval processes. For example, if four people are involved in approving a sales representative’s access to a system, and the password takes two weeks to be granted, the sales representative will be limited in their ability to sell. Knowing how long it takes to get approvals can help to identify process bottlenecks.
7. Number of system or privileged accounts without an owner
These appear almost always when people who had access to important resources no longer have such access but never have their privileges removed.
8. Number of exceptions per access re-certification cycle
A large number of exceptions is a strong indicator of poor-quality identity data (for example, many users have access to resources that they should not have), or of problems in the process (that is, the person applying for re-certification does not have all the information necessary to complete the process).
9. Number of reconciliation exceptions
Reconciliation exceptions are typically caused by the inability of the IAM platform to reliably bind an identity to an account in a target system. These exceptions should tend to zero over time, and any peak should trigger further investigation and discussion.
10. Segregation of duties violations
Common examples of segregation of duties violations are developers who have administrator access to production databases and traders who can submit and approve their own transactions. These violations are more difficult to capture and measure, given their sophistication and cross-functional nature. Incidents arising from these illicit cross-profiles are the kind that often make headlines. The organization should implement control measures to prevent these violations, report them and try to remedy them.
It is often difficult to understand the scope and ramifications of these types of people and process problems until concrete measures are taken to resolve them.
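As an added illustration (not part of the original article), the following Python sketch computes metrics 3, 7 and 10 from a small account inventory. The employee ids, account names, entitlement strings and segregation of duties rules are all constructed sample data, and treating an account owned by someone who has left as uncorrelated is an assumption of this example.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

class Account(NamedTuple):
    name: str
    system: str
    owner: Optional[str]      # HR employee id the account is correlated to
    privileged: bool
    entitlements: frozenset

# Constructed sample data: HR system of record, account inventory, toxic pairs.
ACTIVE_EMPLOYEES = {"e100", "e101", "e102"}
ACCOUNTS = [
    Account("asmith", "git", "e100", False, frozenset({"code:develop"})),
    Account("asmith_dba", "proddb", "e100", True, frozenset({"proddb:admin"})),
    Account("bjones", "trading", "e101", False,
            frozenset({"trade:submit", "trade:approve"})),
    Account("cwu", "crm", "e102", False, frozenset({"crm:read"})),
    Account("dlee", "crm", "e099", False, frozenset({"crm:read"})),  # leaver
    Account("svc_backup", "proddb", None, True, frozenset({"proddb:admin"})),
]
SOD_RULES = [("code:develop", "proddb:admin"), ("trade:submit", "trade:approve")]

def uncorrelated(accounts, active):
    """Metric 3: accounts with no owner, or whose owner is not an active identity."""
    return [a for a in accounts if a.owner not in active]

def unowned_privileged(accounts, active):
    """Metric 7: the privileged subset of the uncorrelated accounts."""
    return [a for a in uncorrelated(accounts, active) if a.privileged]

def sod_violations(accounts, active, rules):
    """Metric 10: toxic entitlement pairs held by one identity across all systems."""
    held = defaultdict(set)
    for a in accounts:
        if a.owner in active:
            held[a.owner] |= a.entitlements
    return sorted((owner, rule) for owner, ents in held.items()
                  for rule in rules if set(rule) <= ents)

def governance_metrics(accounts=ACCOUNTS, active=ACTIVE_EMPLOYEES, rules=SOD_RULES):
    return {
        "uncorrelated_accounts": [a.name for a in uncorrelated(accounts, active)],
        "unowned_privileged": [a.name for a in unowned_privileged(accounts, active)],
        "sod_violations": sod_violations(accounts, active, rules),
    }

if __name__ == "__main__":
    for metric, value in governance_metrics().items():
        print(f"{metric}: {len(value)} -> {value}")
```

Entitlements are merged per identity before the rules are checked, so a developer whose administrator rights sit on a separate account in another system is still counted.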
Only with the appropriate metrics can an organization measure its effectiveness and success in efficiently managing user access and make the necessary adjustments to reap significant operational benefits. If you have an identity governance initiative, you should try your best to follow some of these metrics.