Identity Management - the path to secure digital transformation
Identity Management (IDM) has developed very strongly in recent years and has gained a central role in internal IT. Meanwhile it is not only a topic for banks and insurance companies, but in the course of the digital transformation it is also part of the basic services of all companies, which are essential to operate and to make data available to the outside world. Digital transformation and making internal data available to partners and customers is not achieved by moving data to a Cloud service. This is where the challenges begin: it must be ensured that all users who need access are known.
It must also be recorded when internal users request access to data from outside the secured network, and access must be enabled accordingly. In classic IDM, internal users are verified, which ensures that each digital identity is linked to a person managed in HR.
Project lead times, for example, can be kept much shorter than before: the digital future is not a few years away, the requirement already exists and the basis must be established now. This calls for new processes in the projects which make this possible. TIMETOACT has developed a method to meet these new requirements and to allow customers to carry out the digital transformation at the required speed. In combination with a cIAM, which takes care of the digital identities of partners and customers, a secure basis is created to enable new ways of working with partners and customers. We will show you how you can meet the security requirements of the digital transformation with an overall approach.
A maturity model makes it possible to measure the status and success at any time and to define the next steps according to requirements. Our goal is to provide a largely automated, audit-proof solution with end-user-suitable application procedures. This solution meets all requirements regarding availability, integrity, confidentiality, authenticity and traceability.
It is part of our philosophy to support and advise our customers on all aspects of a successful IAG / IAM introduction. Even after the end of the implementation project we are still at your side: We support you both in the maintenance of your individual implementation, in the further development and in the professional and technical operation of the solution.
User Life Cycle
The handling of employees' entry, change and exit, together with the functions and authorizations tied to each of these events, is defined here with as much automation as possible. Ready-made standard processes and good practices allow us to define processes and implement them very quickly with you, the customer. With small adjustments to your own organization, these standard processes can be adopted as they are; the closer you adhere to the standards, the faster the implementation can take place. All use cases required to accompany an employee from entry to exit are described here and implemented in an IAM tool, with the aim of executing them as automatically as possible.
Role Life Cycle
To enable the department to recertify or even order authorizations, authorizations are grouped into roles. These roles are also assigned to different levels to enable the user to work with the required authorizations. The roles are based on standards like NIST, RBAC and ABAC. Role creation is tool-supported and suitable for the department. Roles, or business roles, combine authorizations of different systems. As with the user life cycle, roles are created, change over time and may at some point no longer be necessary. They are therefore subject to constant monitoring and are also presented to their owners in the course of recertification.
Topics on Identity Management:
One way to form roles is to use role mining. Role candidates are created and made visible based on a matrix of assigned permissions to the corresponding users. With today's complexity – due to the fact that authorizations are distributed over several systems – it is practically impossible to do this work without corresponding products that provide this function through appropriate algorithms. TIMETOACT offers support in the use of these tools and guides customers on how to deal with the role candidates. The structure of roles is developed together with the customer so that even complex role constructs can be implemented in an IAM product.
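The permission matrix described above can be mined bottom-up: every permission set shared by several users becomes a role candidate, and closing the candidate sets under intersection surfaces the smaller shared sub-roles (such as a display-only subset of a posting role). The following is an added example written for this page, not TIMETOACT's code or any product's algorithm; the users, systems and entitlement names are constructed sample data.

```python
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed sample data: entitlements per user across several target
# systems, written as "<system>:<entitlement>". Not real accounts.
USER_PERMISSIONS: Dict[str, List[str]] = {
    "alice": ["ad:grp-finance", "sap:FI_DISPLAY", "sap:FI_POST"],
    "bob":   ["ad:grp-finance", "sap:FI_DISPLAY", "sap:FI_POST"],
    "carol": ["ad:grp-finance", "sap:FI_DISPLAY"],
    "dave":  ["ad:grp-it", "unix:sudo", "ad:grp-finance", "sap:FI_DISPLAY"],
    "erin":  ["ad:grp-it", "unix:sudo"],
    "frank": ["ad:grp-it", "unix:sudo", "jira:admin"],
}

Role = Tuple[FrozenSet[str], List[str]]  # (permission set, member users)


def build_matrix(user_perms: Dict[str, List[str]]) -> Dict[str, Dict[str, bool]]:
    """The user x permission matrix role mining starts from: True where
    the user currently holds the permission."""
    perms = sorted({p for ps in user_perms.values() for p in ps})
    return {u: {p: p in set(ps) for p in perms} for u, ps in user_perms.items()}


def mine_roles(user_perms: Dict[str, List[str]], min_users: int = 2) -> List[Role]:
    """Bottom-up role mining: start from each user's full permission set,
    close the candidates under pairwise intersection so shared sub-roles
    appear, then keep every candidate held by at least `min_users` users.
    Candidates are returned largest first."""
    sets = {u: frozenset(ps) for u, ps in user_perms.items()}
    candidates: Set[FrozenSet[str]] = set(sets.values())
    changed = True
    while changed:
        changed = False
        for a in list(candidates):
            for b in list(candidates):
                common = a & b
                if common and common not in candidates:
                    candidates.add(common)
                    changed = True
    roles: List[Role] = []
    for cand in candidates:
        members = sorted(u for u, s in sets.items() if cand <= s)
        if len(members) >= min_users:
            roles.append((cand, members))
    roles.sort(key=lambda r: (-len(r[0]), sorted(r[0])))
    return roles


def uncovered(user_perms: Dict[str, List[str]], roles: List[Role]) -> Dict[str, Set[str]]:
    """Permissions a user holds that no mined role explains. These are the
    direct assignments that still need an owner and a recertification."""
    leftovers: Dict[str, Set[str]] = {}
    for user, ps in user_perms.items():
        explained: Set[str] = set()
        for perms, members in roles:
            if user in members:
                explained |= perms
        rest = set(ps) - explained
        if rest:
            leftovers[user] = rest
    return leftovers


if __name__ == "__main__":
    mined = mine_roles(USER_PERMISSIONS)
    for perms, members in mined:
        print(sorted(perms), "->", members)
    print("unexplained direct assignments:", uncovered(USER_PERMISSIONS, mined))
```

On the sample data this yields three candidates: the full finance posting role (alice, bob), the display-only finance subset shared by four users, and the IT admin pair (dave, erin, frank); frank's `jira:admin` remains as an unexplained direct assignment, which is exactly the kind of entitlement a reviewer would want to see listed separately rather than folded into a role.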
The IAG system provisions accounts and the authorizations assigned to them into the administered systems and applications (target systems). Depending on the quality of the connection, the data is transferred to the respective target system automatically - synchronously or asynchronously - and without manual intervention. If a target system is not connected to the IAG system, administration must still be performed in the target system itself. Provisioning then consists of a notification to the responsible administrator, which contains the necessary information about actions to be performed and affected objects.
The data provisioned to the target systems is often based on or derived from personnel and organizational data. This information usually originates in personnel data management systems and is transferred from there, to the required extent, to the IAG system. Changes to personnel data are either propagated directly into the IAG system or determined and updated by the IAG system by means of data reconciliation. This enables us to achieve a high degree of automatic allocation and deletion of authorizations.
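The reconciliation step above, and the entry/change/exit events of the user life cycle described earlier, come down to comparing the authoritative HR feed with the identities the IAG system currently holds and deriving joiner, mover and leaver actions from the differences. The following is an added illustration written for this page, not TIMETOACT's code or any IAG product's reconciliation logic; the personnel records are constructed sample data and the action names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Person:
    personnel_id: str   # the HR key every digital identity must link to
    name: str
    department: str
    active: bool


# Constructed HR feed (authoritative source for personnel data).
HR_FEED: List[Person] = [
    Person("1001", "Alice", "Finance", True),
    Person("1002", "Bob", "Finance", True),   # moved from Sales
    Person("1004", "Dave", "IT", True),       # new hire
    Person("1005", "Erin", "IT", False),      # left the company
]

# Constructed current state of the IAG identity store, keyed by HR id.
IAG_STATE: Dict[str, Person] = {
    "1001": Person("1001", "Alice", "Finance", True),
    "1002": Person("1002", "Bob", "Sales", True),
    "1003": Person("1003", "Carol", "HR", True),   # no longer in the HR feed
    "1005": Person("1005", "Erin", "IT", True),
}

Action = Tuple[str, str, str]  # (kind, personnel_id, description)


def reconcile(hr_feed: List[Person], iag_state: Dict[str, Person]) -> List[Action]:
    """Derive life-cycle actions from the delta between HR and IAG.
    Action kinds (assumed names): JOINER, MOVER, LEAVER, ORPHAN."""
    hr = {p.personnel_id: p for p in hr_feed}
    actions: List[Action] = []
    for pid, person in hr.items():
        current = iag_state.get(pid)
        if current is None:
            if person.active:
                actions.append(("JOINER", pid,
                                f"create identity and baseline roles for {person.department}"))
            continue  # inactive in HR and unknown to IAG: nothing to provision
        if not person.active and current.active:
            actions.append(("LEAVER", pid,
                            "disable identity and revoke all authorizations"))
        elif person.department != current.department:
            actions.append(("MOVER", pid,
                            f"{current.department} -> {person.department}: "
                            "re-evaluate role assignments, remove old department roles"))
    # Identities with no HR record are the audit-relevant case: flag them for
    # review rather than deleting automatically, so the trail stays intact.
    for pid, current in iag_state.items():
        if pid not in hr and current.active:
            actions.append(("ORPHAN", pid,
                            "no HR record: flag for review, do not auto-delete"))
    return actions


if __name__ == "__main__":
    for kind, pid, what in reconcile(HR_FEED, IAG_STATE):
        print(f"{kind:7} {pid}  {what}")
```

Only the active/department fields are compared here; a real reconciliation would diff every attribute the IAG system derives authorizations from (cost center, manager, location) and would log each action with its source record, which is what makes the allocation and deletion of authorizations audit-proof.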
Password management continues to be a high priority in the statistics of support organizations. The resetting of forgotten passwords and the unlocking of passwords after incorrect entries should be a thing of the past with automated password management. Password policies can also be enforced company-wide.
We implement SSO solutions according to your needs and are your specialist for integrative solutions with IAG systems.
User Self Services
In many cases, end users can take over simple identity and access management tasks themselves, thereby relieving central services such as help and service desks. A Self Service Portal provides the functions released for this purpose. The user can manage selected personal data such as telephone numbers, address information, etc., reset passwords and apply for authorizations. Actions are either executed directly or guided through an application process, which can also include approval steps.
Our IAG solutions bring a variety of self services as standard. However, we are also your specialist when it comes to designing and implementing individual self services.
CIAM – Customer Identity Management
The requirements for a cIAM are not fundamentally different from those of an internal IAM, but have different priorities and focuses. The knowledge of the identity, its authentication and the associated accesses are still main focuses of the cIAM. Suddenly, possible parallel accesses are not limited to the number of employees; depending on the deployment, many thousands of simultaneous accesses are required, which have to be redirected to on-premise or Cloud applications.
These differences must be taken into account when building a cIAM system. TIMETOACT offers comprehensive consulting services in the area of requirements analysis and the selection of the right solution. Topics such as performance, integration of different services and also the choice of the right identity provider are examined and incorporated into the requirement profile. Here, our broad experience with IAM functions and products is the ideal prerequisite.
To relieve the central authorization administration, a defined portfolio of administrative tasks is transferred to other groups of people within or outside the company organization. The area of responsibility of these decentralized administrators usually comprises a group of users, which is derived, for example, from their affiliation to an organizational unit, cost center or similar. Frequently, tasks of authorization administration are not delegated to special decentralized authorization administrators, but are taken over by employees with line functions.
Here we help you to find practicable solutions in the area of tension between security and automation.