27
July 2015
Why do IT administrators want Identity & Access Management?
Andy Harris
Your IT administrators already know that Identity and Access Management (IAM) would make their life easier. Be it the ability to add, change or revoke a user’s access across devices, or simply Single Sign-On to systems, IAM provides a wealth of operational conveniences alongside its security benefits. But many organisations remain behind the times.
We recently experienced an interesting conversation with a well-known Managed Service Provider (MSP). They were managing the network of a large global company and one of their headaches was managing administrator access to devices. They had gone through a program updating privileged user rights across all devices. Out of the blue, the client advised that they needed to revoke one user’s access across a few hundred devices. It took them 9 hours…and they were not happy about it.
The provisioning, revoking and changing of privileged user rights is easy if all privileged users are issued with a unique user ID. Using this user ID, they can access all their authorized devices using strong authentication. Access rights would change, and a user’s ID would be revoked across all devices.
Another desire for IT Administrators is SSO. Organisations can have hundreds or even thousands of devices, meaning that administrators without the benefits of SSO have to log in to each of their devices. This is a real headache for administrators and a security risk for the organisation. Particularly if they are writing down access details or using the devices common admin password.
Unfortunately, many organisations are vastly behind when it comes to IAM. Be it down to an ever-evolving number of users needing privileged access, resources, time or budget, many organisations can’t meet the challenge and end up doing a poor job, resulting in a strain on existing resources and a negative budgetary impact.
Cost has always been a big constraint behind organisations reluctance to deploy IAM solutions. This is due to organisations looking at an IAM solution for the whole company rather than individual groups, such as privileged users.
Nowadays, there are many cost affordable IAM solutions for privileged users which use both Strong Authentication and SSO. Solutions like this can take a mere few moments to set-up role-based privileged users and install across many devices. These allow roles and access rights to change and remove the use of common admin passwords.
In deploying an IAM solution for privileged users, an organisation is making their employees lives easier. The biggest benefit is strengthening the security processes around privileged user activities, reducing a considerable amount of operational risk.
If you’d like to find out more about Osirium PAM, Contact us.