2019 SailPoint Identity Insider Magazine - Magazine - Page 24
The 2019 Identity Report
The 4 Things You Should Do Now
Given what we learned from the survey respondents, there are certain
things every organization should do to both further mature their identity
program and better secure corporate resources:
Perform a full audit on identities’ access to
systems, applications and data across your
entire enterprise.
•
•
This means identifying weak areas
in visibility over users’ access to any
corporate resource as well as determining
where the baseline is today in comparison
to the program’s ideal state.
Don’t forget to determine the level of
connectivity among each part of the
security environment. Every system and
resource should be connected to your
identity governance solution.
Get control over data.
•
The first step is to find and classify all
data within the enterprise. A tool that
can discover data automatically in both
structured and unstructured systems will be
extremely beneficial.
•
That same solution should also be able to
classify data and score it in terms of risk,
marking certain files or repositories as
sensitive information.
•
Elect owners for all data by asking users to
collaboratively vote on who should own it.
More than likely, the most prolific user will
not be the one that is chosen, but instead
someone in a supervisory or project
management role.
Ensure all the identity processes that can
be automated, are.
•
24
|
When users either join, move or leave the
company, access should be provisioned
or deprovisioned immediately and
checked against policies to ensure only
the minimum amount of access has been
governed for their current role.
•
Enable self-service when possible and
appropriate given security policies for
services including password resets and
access requests.
•
Build a channel for users to request
procurement of new applications, but don’t
make it overly complicated. (This can help
to combat shadow IT.)
SAILPOINT IDENTIT Y INSIDER
Regularly review and alter, if necessary,
each aspect of the identity program.
•
This includes more than just setting certain
processes like re-certification on a set
schedule. It also means taking a step
back and gauging what kind of impact
the identity program has on the business,
as well as its likeness to the ideal state
determined when it was first implemented.