Matt Hamlin, over at Sun, mentioned a conversation we had last week about a topic in identity management which doesn’t usually get a lot of airtime: the correlation of accounts to people. The exercise is the first step in answering Matt’s simple question of “Who has access to what?” Matt writes:
This step is the foundation for Access Certification, Role Mining, Entitlements Management, Policy Evaluation, Identity Auditing, and numerous other custom services developed by our customers.
There were two major omissions in his list: password management and user provisioning. The reality is the correlating of accounts to people is a requirement for all identity management exercises. This correlation isn’t glamorous work and isn’t a one time affair. None the less, it is crucial “Identity Gold” for identity management projects, but also as the foundation for risk mitigation exercises as well.
Here’s a tip to enterprises out there – ask your software vendors and deployment teams what capabilities they have to help facilitate this correlation. Ask early and before you start down the path of an identity project. Make it an on-going process governed by your overall identity management program.
I’ll be touching on this a bit in an upcoming Telebriefing I am doing. On October 1st and 2nd, I’ll be giving a sneak peak of my research on access certification and will cover this and other topics. If you are a Burton Group subscriber, you should check it out. If you aren’t a BG customer, you should become one.