How do you intelligently determine the identity governance policies/procedures for a growing company?


As my company grows, identity governance has changed from something that I rarely thought about to something that consumes more and more time. The guy that always needed to have his password reset was worth a chuckle when I delt with a few dozen employees. Now that the number has multiplied, little things like that aren't so funny and they add up to a noticeable waste of time. What have people making the transition to larger size found to be a workable approach to identity governance? Our current approach of my manually managing all those identities is becoming less and less attractive.

Answer this Question


2 total
Vote Up (13)

The more employees, the more necessary identity automation becomes.  Depending on your industry, there may be regulations such as HIPAA or Sarbanes-Oxley that force you to have a roust identity governance policy in order to be in compliance.  So determining whether your business falls under these or other laws, and what the law requires for compliance would be my first step in creating an identity governance policy.  Beyond that, some of it is common sense whether automated or not, such as purging accounts of former employees.  Identity governance is an automated process of controlling and managing user access to company data, so it is more than just the issuance and recovery of lost passwords.  In the end, the central purpose is to track identity related items that represent a risk of financial loss or damage to your company reputation.  There are plenty of vendors that can provide identity management tools, and it would probably make your life easier.  You have to be confident that the correct people have access to the appropriate system, and all identities are properly assigned and controlled.  

Vote Up (11)

Hi RomanZ,

Here's an interesting article about identity governance and the issues related to it. I wish I could definitely answer your question. Alas, it's a bit outside of my experience. I hope you find the article useful though.

How identity governance solves the compliance challenges left by provisioning technology

There is also an interesting article on identity management systems on Wikipedia that you might find useful.

Identity management system

Ask a question

Join Now or Sign In to ask a question.
It's a good – no, make that great – time to become an IT recruiter.
California's Department of Motor Vehicles is tapping the brakes on our robotic future, requiring all self-driving cars to include full human controls during testing.
Most people start thinking about retirement when they turn 70, if they haven't already called it a career. Not Oracle CEO Larry Ellison, who passed that milestone Sunday.
A U.S. lawmaker wants to rebrand the term net neutrality because its definition is confusing to many people.
U.S government agencies will work to release cyberthreat information faster to the health-care industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.
Path is clear for approval of H-1B spouse rule, other changes may come too. is hoping to attract more consumers from China, with a new agreement that will let the U.S. e-commerce company bring millions of products from its international sites to the country as imported goods.
Extending its desktop virtualization stack, VMware has acquired CloudVolumes, a 3-year-old startup that developed software for delivering virtualized applications on the fly.
Hewlett-Packard reported a slight uptick in revenue for the second calendar quarter as its PC sales increased again.
IT is out of the backroom and in the front office – so it's time to hire candidates who match that new reality.
Join us: