IAM Governance is Critical
Transitioning to an IAM product and associated features can move organizations a long way down the security continuum. New technologies and emerging architectural frameworks have made it possible to protect corporate infrastructures in unprecedented ways. Analytics can be leveraged to provide deep insight into the corporate security space.
Many organizations struggle with how best to use all this new information and how to provide management oversight and governance that lets designated management make better decisions about security policies and make appropriate adjustments very quickly when security weaknesses are pinpointed. There are also instances where organizations can learn from security breaches at other organizations and quickly implement appropriate changes in security policy to mitigate newly realized risks.
The IAM governance body is the management arm responsible for creating and maintaining all organizational IAM security policies. It is critical to understand that an IAM implementation is not a project with defined start and end dates but rather a permanent part of the organization, which requires oversight and management. The governance body addresses basic and complex security matters such as composition of user IDs and passwords, reset criteria, on-boarding and off-boarding of individuals, recertification, authentication/authorization policies, service-level agreements, and overall corporate security policies. It is often useful to include technical supporting members who can participate in discussions around the level of technical effort required to implement a new security capability or technology that is under consideration.
How Soch Can Help
Soch provides professional facilitation to assist corporate management in establishing governance bodies with proper definition of roles and responsibilities such that the benefits of modern IAM are fully realized. Our facilitators can help organizations down the governance continuum by assisting with role definition, security delegation policies, and how best to manage approvals for security access requests. Ideally, this work should begin in conjunction with the technical IAM implementation.
Soch’s experience and research indicate that it is good to start small and to grow the governance capability over time. Responsibilities have to be aligned, and the members have to get accustomed to a new way of looking at managing security at an organizational level and to transition away from a silo approach to managing security policy.
Soch offers rich analytics and reporting capabilities as well as experience educating and facilitating management on the importance of IAM governance.