User Provisioning: the right access, right now

Think back to your first day of work at a new job (could be your current one or a past one.) Remember how exciting things were, you were in HR orientation learning about your benefits and vacation policy – learning about your 401k options… all that good stuff that you get filled with when you join a company. Then the HR rep walks you to your new cubicle (because who really gets an office anymore) and you’re ready to get to work. Then, the emptiness sets in. Over the next 45 min you try to log on to your machine, you try to get email set -up, you try to get access to (enter system/application du jour here.) Then you get on the phone with the help desk after you get the number from your new cube mate (who’s already annoyed that that you’re there sharing their space) because you have no access to systems to look the help desk phone number up. An hour and a half later, you are finally up and running – at least for today. Sound familiar?

Welcome to the world of user provisioning. What seems like such a simple task -- giving people access to the systems, applications, and general business data they need -- is really more of a three headed monster than most of us earthlings will ever realize. Dave Kearns wrote a great article on user provisioning earlier this week that I found particularly insightful. In the piece, Kearns reveals three key events in an employee’s life at a company where provisioning comes into play; when they join the company, when they change jobs/ responsibilities, and when they leave the company, and why they are important.

While giving employees access to the right resources in a timely manner is critical to business productivity, just as critical is removing access to resources when they are no longer required to perform a task or after that employee has left the company. After all, do you really want someone who has moved from a marketing management position into a sales position to have access to the payroll data for the entire marketing organization? I think not. So, what’s the answer? You got it!  User provisioning. How does your organization remove access to resources, while providing access to new resources in a timely manner for your employees?

While productivity and burden on the help desk are great cases for getting user provisioning right, the first time, Kearns proposes that security is an even more important reason to get your provisioning right. And I must say, I agree here. Unnecessary access to information after a user has changed roles or left the company poses one of the greatest threats to the security of your business. All it takes is one person with malicious intent who abuses their access to critical data for a data breach to occur. Yes folks, it only takes one – one person – to run the train off the tracks and the next thing you know, your company is front page news due to a data breach.

So how do you prevent these things from happening? It all starts with your approach to user provisioning. If you take the steps towards automating user provisioning, you have the ability to reduce deviation from process (and the mistakes that can easily result) and drastically reduce the time it takes to provide or revoke access to critical data. Automation really is the difference between user provisioning and securely provisioning users. The latter enables you to really protect your business, while still meeting its needs.

Labels:

Identity & Access Mgmt
Anonymous