IT leaders responsible for identity & access management (IAM) can make the difference between stagnation and progress by leveraging the IAM technologies they already have to achieve short-term wins, according to Gartner. Analysts said that there are six ways that existing IAM tools can be leveraged to maximise investment in them.
“Even in a spending crunch, there are still IAM projects and goals that need to be achieved without additional investment,” says Perry Carpenter, research director at Gartner. “Some of these can be accomplished via methods and products that organisations already own but maybe haven't considered yet.”
The six ways to leverage IAM investments in unexpected ways are:
* Deploy enterprise single sign-on (ESSO) as a provisioning map and role ‘suggestion’ tool – ESSO data can be analysed to help determine what an organisation’s most-used systems and primary user groupings or roles are. It can also deliver insight about external sites employees visit and suggest to IT managers whether they should update proxy rules, revisit policies or conduct awareness activities.
* Identify graveyard and resurrection pools through user provisioning – Many mainstream IAM vendors base part of their licensing agreements on the number of users in the corporate directory, but most companies want to keep identity data for as long as possible for ID reuse or auditing even after employees have left the company. To avoid paying for unused licence seats, IT directors can use open-source and/or third-party directory tools to create an alternative directory for "deprovisioned" identities.
* Use a virtual directory or lightweight directory access protocol (LDAP) proxy for low-impact directory migration – When IT directors need to migrate data between directories, LDAP proxy functionality allows them to place application scripting at the LDAP interface level, enabling just-in-time directory migration without requiring users to change their current passwords. After the migration is complete, the old directory can be decommissioned, licences discontinued, and the hardware freed up for use in other projects.
* Rethink any ID consolidation/migration initiatives – A primary objective of identity consolidation is often auditability of identity data and streamlined administration. However, this can also be achieved through a combination of security information and event management (SIEM) technologies and virtual directories, some of which are free. In addition, in most legacy systems, companies usually have to delete and recreate an account, thereby losing any personal preferences/data associated with the previous account. IT leaders considering a full-scale identity migration or consolidation project might get a better return on investment (ROI) by migrating only a subset of the environment, abstracting authentication where possible, and managing the rest through attrition.
* Use a virtual directory and/or LDAP proxy to decrease cycle time for application development – When using a virtual directory and/or LDAP proxy, the user can create common virtual (abstracted) views of multiple data sources. These can include multiple inputs such as other LDAP repositories, relational databases, flat files, web services, and more. So, rather than the developer needing to connect to each of these sources and create an aggregated view, the virtual directory view can serve it up in a pre-aggregated form and deliver the data in real-time.
* Use your web proxy as a security awareness tool – When employees try to access websites that are counter to the company’s policy, they typically see a message simply saying that access is forbidden. Instead, web proxies could redirect them to an internal security awareness site that explains why certain sites are blocked and reinforces security policy.
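The just-in-time migration described in the LDAP proxy item above can be sketched as follows. This is an added example, not code from Gartner or any product: the in-memory dictionaries stand in for the two directories, and the hash schemes, class and function names are assumptions made for illustration.

```python
import hashlib, hmac, os

# Hypothetical in-memory stand-ins for the two LDAP back ends (constructed data).
def legacy_hash(password, salt):   # assumed legacy scheme: salted SHA-1
    return hashlib.sha1(salt + password.encode()).digest()

def new_hash(password, salt):      # assumed target scheme: PBKDF2-HMAC-SHA256
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class JitMigrationProxy:
    def __init__(self, legacy, target):
        self.legacy = legacy   # dn -> {"salt", "hash", "disabled"}
        self.target = target   # dn -> {"salt", "hash"}

    def bind(self, dn, password):
        """Handle one simple bind; return (authenticated, which_store_decided)."""
        entry = self.target.get(dn)
        if entry is not None:  # already migrated: new directory is authoritative
            ok = hmac.compare_digest(entry["hash"], new_hash(password, entry["salt"]))
            return ok, "target"
        old = self.legacy.get(dn)
        if old is None or old["disabled"]:
            return False, "none"    # unknown or deprovisioned: never migrated
        if not hmac.compare_digest(old["hash"], legacy_hash(password, old["salt"])):
            return False, "legacy"  # failed bind writes nothing to the target
        salt = os.urandom(16)       # re-hash the verified password for the target
        self.target[dn] = {"salt": salt, "hash": new_hash(password, salt)}
        return True, "migrated"

    def remaining(self):
        """Active legacy accounts not yet migrated; empty means all have moved."""
        return sorted(dn for dn, e in self.legacy.items()
                      if not e["disabled"] and dn not in self.target)

def make_legacy(users):
    """Build a constructed legacy directory from {dn: (password, disabled)}."""
    out = {}
    for dn, (pw, disabled) in users.items():
        salt = os.urandom(8)
        out[dn] = {"salt": salt, "hash": legacy_hash(pw, salt), "disabled": disabled}
    return out

if __name__ == "__main__":
    proxy = JitMigrationProxy(make_legacy({
        "uid=alice,dc=example,dc=com": ("correct horse", False),
        "uid=bob,dc=example,dc=com": ("old-pass", True)}), {})
    print(proxy.bind("uid=alice,dc=example,dc=com", "correct horse"))
    print(proxy.remaining())
```

Because the proxy handles the cleartext password during each bind, both the client-to-proxy and proxy-to-directory connections need TLS, and the proxy host becomes as sensitive as the directories themselves.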
“IAM project funding is increasingly hard to come by and organisations are looking for quick wins to demonstrate IAM’s value,” says Carpenter. “Many companies already possess the products necessary to build beneficial functionality so thinking creatively about what they already have can save time and money, position the IAM team as a responsible corporate citizen, and foster greater innovation in the organisation.”