Identity Management – Know Your Environment, Know your Users - WST

Managing and supporting all the identities used by an organization is often a daunting task, but it is critical to understand and control all the various accounts in your environment. The process generally starts with knowing your environment first.

Active Directory is still the primary user database for most organizations, but it is rarely the only place that holds critical accounts. As organizations add services and resources, the number of platforms that require identity management goes up. Consider the short list of services below, think about what your organization is using for each, and then consider how users are managed in each platform:

Each of the systems and platforms above are going to have some sort of user database associated with it - even if it’s just for administrative access - and each of those should have identity management processes in place. Some platforms may offer single sign-on services that can reduce administrative overhead – but that doesn’t remove the need to understand and catalog that integration.

When you have documented your environment, then you can look at enhancing your identity management processes, such as staff onboarding, offboarding, and role changes, to include the added platforms and systems. You can also tighten up your regularly scheduled user access reviews to include the additions, so you can confirm that the day-to-day identity management processes are working as expected.

Lastly, consider that these processes may not just be IT’s responsibility. Human Resources, business unit leaders, internal audit, and Information Security may all have input when answering the “who needs access to what” question. Think about the specifics in your organization and consider what gaps may need to be addressed.

Authored by: David Bentley, CISSP