The challenges companies face today due to the volatile innovation speed of IT, new business ideas and increasing requirements from law or regulatory authorities can only be met when companies will use best-practices. We believe that companies will not have the time and resources to invest too heavily into custom built solutions because otherwise the future challenges of the markets will not be met.
Best-practices are to be understood as means to build a solid foundation in terms of basic technologies, processes and interfaces. Using best-practices means benchmarking every requirement against similar existing solutions. When using best-practices accordingly they deliver operational stability, transparency for administrators, users and audit. In short: best-practices can build the foundation to enable an agile approach to all technical and regulatory issues on the horizon. Best-practices enable a path to the future.
To make this happen in our industry – and not only in single projects but overall - product companies as OMADA and consulting companies must embrace this idea and help the customers with new ideas.
IdentityPROCESS+ is Omada’s best-practice answer for IGA processes. It is a process framework build based on customer interaction and proven success. Of course, there will always exist use cases not covered by IdentityPROCESS+. But this is not the vision. A best-practice approach heads for an 80% coverage leaving enough options for doing adjustments or the integration of new technologies earlier than a standard is available.
IdentityPROCESS+ and successfully proven implementation concepts and methodologies enable customers to benchmark the requirements against best-practices. This finally leads to getting rid of old habits and practices to recharge and enable the company to attack the challenges by starting from a solid position.
Risk management, of course, is another key management discipline which is much easier when using standards or proven best-practices.
OMADA believes that the competition, as well as most companies, can accept the topics addressed in IdentityPROCESS+ as valid best-practices even if the solution partly differs from company to company. Hopefully the industry evolves to a best-practice standard approach to ease the challenges to come for our customers.
Key takeaways:
Access certification is the process of validating access rights within systems. This compulsery process is at the cornerstone of most of the security policies and
compliance framework; however, it can be a very daunting process for some organizations with dispersed systems, workforce, and partners which do not have tools, resources, and a centralized identity directory. With access certification, organizations and regulations aim to formally validate users within systems and ensure their access rights are appropriate.
Access certifications are no longer limited to reviewing an IAM role model. Both digital transformation initiatives and new compliance constraints such as GDPR raised the need to deploy access certifications campaigns accross the company to migitate new risks: Who can access to personal data? Who can leverage privileged accounts? Are those SoD risks properly mitigated? Are those third party managed systems access rights aligned with the security policy?, ... Long story short: Access certification is a clever way of industrializing controls to mitigate risks and ensure compliance.
This raised new challenges: How to be able to review any kind of information, whether or not it is managed through a legacy IAM system, and more importantly, how to make those acess certification campaigns work, given the fact that a business user will spend no more than 3 minutes to review thoses entries...
During this conference, we will describe a framework used to successfully deploy access certifications campaigns within months and we will demonstrate through a live demo that it is possible to efficiently review 2000 entries within 3 minutes with the help of Identity Analytics algorithms.
Key takeways:
- An actionable framework to successfully deploy access certifications campaigns
- An inovative way of reviewing thousands of entries within minutes
- Access certification interfaces that business users love
