Sabir Singh Hundal is an Associated Services Consultant at our partner company Securience. In this article he looks at how Identity and Access Management automates business processes and enhances business performance.
Identity & Access Management (IAM) systems such as Able+ provide a framework for organisations to manage digital identities and keep track of the identity lifecycle. With IAM, organisations can take control of digital risk by ensuring no identity has more privileges than required, whilst also reducing costs by automating repetitive processes. Here are some key areas to focus on when implementing IAM automation to reduce costs and increase productivity.
Cost Saving with Self-Service
If your organisation adopts a strict password recycle policy, it is likely that employees frequently forget their passwords and request a password reset. According to Forrester Research, each password reset can cost $70, and according to Gartner Group, password resets contribute to 20-50% of all helpdesk calls. This cost could be eliminated through a self-service password reset feature in IAM, allowing users to reset their passwords without waiting for the IT helpdesk, thereby reducing operational cost and saving time.
Access requests are also a common helpdesk request, resulting in loss of productivity and additional costs. These can also be automated and configured through IAM to notify line managers when their team members request access. Line managers can either approve or deny these requests almost instantly, ensuring compliance and limiting loss in productivity.
Identity Lifecycle – Joiners, Movers, and Leavers (JML)
Manually provisioning access for new employees (Joiners) can be costly and time-consuming, especially if there is a high turnover in an organisation due to temporary staff or contractors. This joiners' process could be automated in IAM by creating a logical flow which will consume data from the primary identity source (typically an HR system), create a login account (typically in Active Directory), grant the same common access as everyone else in the department (birth-right role), notify the line manager, and finally activate the account on the employee's start date. This process could be triggered as soon as the user appears in the HR system, so the new joiner doesn't have to wait for access on their first day.
Another use case which is often dealt with manually is when employees move departments in an organisation and require access as a part of their new job role. More often than not, movers retain their old access for a prolonged time, which could be detrimental to the organisation during audits. When the user's department change is reflected in the HR system, the IAM system can trigger the movers' process and take automated actions based on pre-defined logic. The line managers from both departments could either approve or deny the mover's process altogether. The previous line manager may choose to keep the employee's access until the end of their transition period to prevent any loss of productivity. The new line manager may deny the request if it appears to be a mistake or an insider attack.
An automated process to terminate access when employees leave organisations could prevent data loss and protect valuable company assets. Organisations that rely on manual processes to disable leavers' accounts face critical security risks, especially in the case of a disgruntled employee who has enough motivation to wreak havoc on the business. Organisations could further strengthen the leavers' process by implementing Single Sign-On (SSO), which would deny access to all systems by disabling just the primary login account.
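The joiner, mover and leaver flows described above can be expressed as one reconciliation between the HR feed and the directory. The following is an added example, not code from Able+ or any IAM product; the record fields, department names, roles and step names are hypothetical, and the data is constructed.

```python
from datetime import date

# Constructed sample data; departments, roles and field names are hypothetical.
BIRTHRIGHT = {"finance": {"email", "erp-read"}, "engineering": {"email", "git", "ci"}}
TODAY = date(2024, 4, 15)
HR_FEED = [  # primary identity source
    {"id": "e1", "dept": "finance", "manager": "m1",
     "start": date(2024, 5, 1), "end": None},
    {"id": "e2", "dept": "engineering", "manager": "m2",
     "start": date(2023, 1, 9), "end": None},
    {"id": "e3", "dept": "finance", "manager": "m1",
     "start": date(2022, 3, 1), "end": date(2024, 4, 12)},
]
DIRECTORY = {  # current login accounts
    "e2": {"enabled": True, "dept": "finance", "access": {"email", "erp-read"}},
    "e3": {"enabled": True, "dept": "finance", "access": {"email", "erp-read"}},
}

def plan_jml(hr_feed, directory, today):
    """Return ordered (action, subject, detail) steps that align the directory with HR."""
    steps = []
    for rec in hr_feed:
        uid, acct = rec["id"], directory.get(rec["id"])
        if rec["end"] is not None and rec["end"] <= today:
            # Leaver: disabling the primary login account cuts off everything behind SSO.
            if acct and acct["enabled"]:
                steps.append(("disable", uid, "leaver"))
            continue
        wanted = BIRTHRIGHT[rec["dept"]]
        if acct is None:
            # Joiner: account exists before day one but only activates on the start date.
            steps.append(("create", uid, sorted(wanted)))
            steps.append(("notify", rec["manager"], uid))
            steps.append(("activate_on", uid, rec["start"]))
        elif acct["dept"] != rec["dept"]:
            # Mover: both changes are proposals that wait for the line managers' decision.
            steps.append(("propose_grant", uid, sorted(wanted - acct["access"])))
            stale = sorted(acct["access"] - wanted)
            if stale:
                steps.append(("propose_revoke", uid, stale))
    return steps

PLAN = plan_jml(HR_FEED, DIRECTORY, TODAY)
```

Running the plan on every HR feed update, rather than on request, is what surfaces movers who still hold their previous department's access.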
Advanced IAM Business Analytics
Through the data collected by an IAM system, organisations could produce a myriad of reports to satisfy auditing and compliance requirements. A couple of examples are listed below:
- Reviewing login times and locations to check whether the user logging into the system is legitimate or an impersonator using a compromised account.
- Identifying a user who logs into systems which no other user with the same role generally accesses. This could in turn trigger an automated access review for the user.
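Both reports can be derived from the same login events. The following is an added example, not part of the original article or of any IAM product; the log format, user names and the 07:00-20:00 working window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, hypothetical format: "timestamp user role system country".
LOG = """\
2024-04-08T09:02:11 alice analyst crm GB
2024-04-08T09:15:40 bob analyst crm GB
2024-04-08T10:01:03 carol analyst crm GB
2024-04-09T09:05:27 alice analyst crm GB
2024-04-09T09:30:00 bob analyst payroll GB
2024-04-10T03:12:45 alice analyst crm RO
2024-04-10T09:20:19 carol analyst crm GB
"""

def parse(log):
    """Turn each log line into a dict; hour is taken from the timestamp as written."""
    events = []
    for line in log.strip().splitlines():
        ts, user, role, system, country = line.split()
        events.append({"ts": ts, "hour": int(ts[11:13]), "user": user,
                       "role": role, "system": system, "country": country})
    return events

def peer_outliers(events):
    """(user, system) pairs where no other user with the same role uses that system."""
    role_users, sys_users = defaultdict(set), defaultdict(set)
    for e in events:
        role_users[e["role"]].add(e["user"])
        sys_users[(e["role"], e["system"])].add(e["user"])
    # Only meaningful when the role has peers to compare against.
    return sorted((min(users), system) for (role, system), users in sys_users.items()
                  if len(users) == 1 and len(role_users[role]) > 1)

def login_anomalies(events, work_hours=range(7, 20)):
    """Logins from a country outside the user's baseline, or outside work_hours (assumed)."""
    baseline, flagged = defaultdict(set), []
    for e in sorted(events, key=lambda e: e["ts"]):
        reasons = []
        if baseline[e["user"]] and e["country"] not in baseline[e["user"]]:
            reasons.append("new-country")
        if e["hour"] not in work_hours:
            reasons.append("off-hours")
        if reasons:
            flagged.append((e["ts"], e["user"], reasons))
        if "new-country" not in reasons:
            baseline[e["user"]].add(e["country"])  # flagged locations never join the baseline
    return flagged

EVENTS = parse(LOG)
```

Each pair returned by `peer_outliers` is a candidate for the automated access review mentioned above; entries from `login_anomalies` are candidates for a compromised-account check.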
Integration with Artificial Intelligence and Machine Learning (AI & ML)
Modern IAM systems are shipped with out-of-the-box functionality for integration with AI and ML platforms, which could be a boon for organisations with legacy systems. Mainframe-based systems and third-party databases still serve as the backbone of several companies, but there are several challenges with integrating them directly with IAM to achieve automation. This could be due to the absence of APIs or the risk of voiding the warranty for third-party systems. AI & ML platforms could serve as a bridge between IAM and legacy systems to automate manual processes such as data collection, access provisioning, and generating access reports.
Well-designed automation processes in an organisation’s IAM implementation could save operational costs, boost productivity and reduce data loss risks, provided precautionary measures are taken during configuration and manual human intervention is applied when necessary.