Identity and Access Management - Overview
Today’s business trends are heading in one direction: an increased need to comply with new regulations, rapid proliferation of users and devices, more distributed applications and data, and a rise in internet-based service provisioning. Managing all of this information and the users who access it is a formidable challenge for organizations. It is also an opportunity for leading organizations to gain competitive advantage and outpace their competition.
According to Gartner's research:
- Enterprises have an average of 68 external and 12 internal account stores.
- 75% of internal users and 38% of external users are in multiple account stores.
- Password resets cost between $57 and $147 and this makes up 48% of all helpdesk calls.
- Users are provisioned to an average of 16 different accounts, but at termination are deprovisioned from only 10.
Many CIOs are facing serious challenges related to Identity and Access Management (IDA) and Identity Lifecycle Management (ILM). It's not only about the critical nature of information security, but it's also about swiftly enabling authorized users with access to company resources.
You may be experiencing painful burdens associated with costly or inefficient management of users' identities: their accounts, passwords and access credentials. If your user environment is one where passwords are written on sticky notes, the IT staff manually handles every facet of account creation, and there are seemingly interminable delays in account provisioning and deprovisioning, you are primed to realize tremendous benefit from the right Identity and Access Management solution.
What is Identity and Access Management?
Identity and Access Management is the process and technology associated with creating and maintaining system-identities for each discrete person or device that needs access to corporate information systems and applications. It includes provisioning of those access requirements, integration with existing directory services, single sign-on, centrally controlled authentication and access policies, the federation of identities across the organization, plus auditable reporting across the enterprise.
The Ensynch Difference
Ensynch has assembled a world-class team of Identity and Access Management professionals unlike any other. With 2 Microsoft Most Valuable Professionals (MVP) for Identity Lifecycle Manager, out of only a handful in the world, our clients know they are getting proven, consistent solutions and a "Whatever IT Takes" commitment to deliver unparalleled return on investment.
Ensynch empowers business by assessing an organization's current strengths and weaknesses so that it can progress through the following four levels of optimization for Identity and Access Management. These levels take an organization from Basic, in which IT policy and standards concerning user authentication and security are inconsistent, to Dynamic, in which user provisioning is centrally managed across heterogeneous systems.
Basic
A basic Identity and Access Management infrastructure is characterized by lax or inconsistent IT policies and standards concerning user authentication and security. Users may even have different digital identities across systems. Frequently there are no unifying server-based identity or access-management tools in place and directory services are not deployed to authenticate most users. There is limited or inconsistent use of passwords and no consistent process for granting resource access—in fact, there is little protection against unauthorized access to sensitive information. Administrative rights are poorly regulated, with most users operating in administrator mode by default, which leaves networks vulnerable to malware and increases TCO because users can make unapproved system changes, which impacts IT and especially the help desk.
Organizations at this level may have difficulty complying with government regulations and a large volume of help-desk calls is common.
Standardized
Organizations at this level employ Active Directory directory services for authentication only. Users can access the administrator mode at will and security templates are applied to standard images. There is a reduced number of digital identities and a lower volume of help-desk calls, but there are no provisions for assigning resources to specific users. Desktops are not controlled by Group Policy.
Rationalized
At this level, companies use directory tools to administer desktop and server configurations and security, and they have solutions in place to protect information. They have implemented role-based administration and are establishing a platform for implementing regulatory compliance, with directories and identity stores operating in sync. These organizations are able to recover user systems and information after user errors, power outages, and technology disruptions.
Dynamic
At a dynamic level of Identity and Access Management, user provisioning is centrally managed across heterogeneous systems. Provisioning and deprovisioning are fully automated processes with auditable reporting. Dynamic organizations use federated identity management.
Identity and Access Management Related Products
- Microsoft Identity Lifecycle Manager (ILM) 2
- Windows Server 2008
- Active Directory and Active Directory Lightweight Directory Services
- Certificate Lifecycle Manager
- Rights Management Server
- Exchange Server 2007
- Microsoft System Center suite
- Microsoft Office SharePoint Server (MOSS) 2007