Identity Access Management is first step for Information Security
Identity Access Management (IAM) is being talked since more than a decade. There are still a big gap in using the IAM solutions by large organizations. Most of enterprises, are working in old fashioned manner and have no visibility on who is accessing what in their system(s) and if it is appropriate to their roles and responsibilities. User management, in context of joiners, movers and leavers are quite poor. There are hardly a control on unauthorized access for orphan accounts. Whenever someone leaves the organization, his access is disabled and user still stays in repository. This puts a high risk on the organization, if someone activates the user, it is very easy to misuse the credentials.
When a new employee joins, application for access request goes from one application owners to other requesting appropriate access (Like AD, any ERP, or any other home grown application), and same procedure is repeated once someone leaves for revoking the access. This is quite a time taking process and new employee waits for weeks to be productive on his role.
A challenge being faced by IT auditors, they are unable to get a right reports from IT Team on this subject. Somehow, they are managing and trying to complete their audit processes. This is a key pain area for Information Security team in the organization. Information Security team implementing lots of security solutions but still lacking in IAM.
IAM solution brings unified governance to manage identities in the system. It keeps organization to stay compliant, provide single interface to request and revoke access for applications. It gives a capability to certify the user access time to time to ensure correct and appropriate access level is maintained in the system.