How do you intelligently determine the identity governance policies/procedures for a growing company?


As my company grows, identity governance has changed from something that I rarely thought about to something that consumes more and more time. The guy that always needed to have his password reset was worth a chuckle when I delt with a few dozen employees. Now that the number has multiplied, little things like that aren't so funny and they add up to a noticeable waste of time. What have people making the transition to larger size found to be a workable approach to identity governance? Our current approach of my manually managing all those identities is becoming less and less attractive.

Answer this Question


2 total
Vote Up (11)

The more employees, the more necessary identity automation becomes.  Depending on your industry, there may be regulations such as HIPAA or Sarbanes-Oxley that force you to have a roust identity governance policy in order to be in compliance.  So determining whether your business falls under these or other laws, and what the law requires for compliance would be my first step in creating an identity governance policy.  Beyond that, some of it is common sense whether automated or not, such as purging accounts of former employees.  Identity governance is an automated process of controlling and managing user access to company data, so it is more than just the issuance and recovery of lost passwords.  In the end, the central purpose is to track identity related items that represent a risk of financial loss or damage to your company reputation.  There are plenty of vendors that can provide identity management tools, and it would probably make your life easier.  You have to be confident that the correct people have access to the appropriate system, and all identities are properly assigned and controlled.  

Vote Up (9)

Hi RomanZ,

Here's an interesting article about identity governance and the issues related to it. I wish I could definitely answer your question. Alas, it's a bit outside of my experience. I hope you find the article useful though.

How identity governance solves the compliance challenges left by provisioning technology

There is also an interesting article on identity management systems on Wikipedia that you might find useful.

Identity management system

Ask a question

Join Now or Sign In to ask a question.
Was HP's CIO the best paid in the country in 2012? Maybe.
The Apple TV is like that old friend from college--pretty cool, but always crashing in your living room. Its inconsistent stability, frustratingly anemic content offering, and lack of rich input methods have kept it from becoming what Apple enthusiasts long swore it would be: the iPhone of TV set-top boxes. Though its interface and hardware continue to evolve, the little black box faces real competition from faster-moving players that are offering more, like the Roku 3 and the new Fire TV from Amazon.
The world's top 1,000 websites have been patched to protect their servers against the "Heartbleed" exploit, but up to 2% of the top million were still vulnerable as of last week.
In today's accessible technology roundup: Google wants to embed cameras in contact lenses, Apple gets a patent for a new GUI for touch devices to improve accessibility and a hacker develops a virtual cane for the blind
Tech workers suing over an alleged no-poaching agreement among Silicon Valley firms are fighting an attempt by defendants to ban evidence that might portray Steve Jobs as a bad guy.
The U.S. Federal Communications Commission will reserve a significant amount of spectrum in its upcoming auctions of the television band for unlicensed uses such as Wi-Fi, agency officials said Friday.
The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.
Twitter's new mobile advertising suite lets companies pitch their mobile apps in promoted tweets or place ads inside other apps.
A Google complaint against Apple-backed patent consortium Rockstar will stay in a California court rather than be moved to Texas where Rockstar already has patent lawsuits against Google's Android partners, the California court ordered Thursday.
Alibaba's Tmall and Taobao sites already sell everything from clothes and furniture to car tires and medicines. But soon they'll also be offering 3G data and voice call plans as well, the Chinese e-commerce giant said Thursday.

White Papers & Webcasts

See more White Papers | Webcasts