Automating your Identity and Access Management System

The following post is an excerpt from GovLoop’s recent executive research brief, Transforming Agency Security with Identity and Access Management. In the brief, we discuss the importance of consolidating and automating IAM systems to better secure information at government organizations.

The first step to securing user accounts and privileges at your agency is to consolidate all current identity and access management (IAM) operations into a single technology and governance system. The second step is to automate routine actions–things like upgrading user privileges and monitoring password compliance–within that system.

Dan Conrad, IAM Specialist at Dell, admitted, “When you present an entirely new system to a customer—especially to a person who is new to access control—it can be an overwhelming concept.” In fact, a robust IAM system should automate many of the processes currently performed by IT staff.

“When you can automate and take the person out of the picture, then that would be the best practice,” said Conrad. Not only does automation of IAM reduce the probability of human error, it also reduces IT department workload, increases end user productivity, and ensures ongoing compliance of user accounts.

These three benefits, as well as their impact on organizational efficacy, are described in greater depth below.

Alleviates IT Staff Burden
The most obvious advantage of reducing manual maintenance of accounts is the positive impact on IT staff workload. “Take something like password management. Sometimes up to 70% of the calls that come into help desks are simple password resets,” explained Conrad. “When you give the users the capabilities to reset their own passwords, you can free those help desk people up to do other things and you can get a lot more done with that same amount a money.”

With automation, IT labor constraints no longer dictate the efficacy of your IAM processes. And because staff no longer have to dedicate time to routine maintenance of accounts, they are able to dedicate more time to high-level IT tasks like architecture planning and proactive cybersecurity.

Increases End User Productivity
What’s more, IT are not the only agency personnel who can expect to become productive as a result of automation. We noted earlier that a central IAM system allows end users to seamlessly transition between processes without having to use disparate logins and credentials. This results in higher productivity, as employees can focus on their responsibility rather than account management.

Automation compounds these productivity benefits. Because maintenance functions like password resets and privilege changes are executed automatically, end users no longer have to wait for IT personnel approval before performing routine tasks. Lag times are eliminated so employees are able to focus on their primary responsibilities, rather than identity upkeep. 

Ensures Ongoing Compliance
Automated maintenance also guarantees that accounts, login credentials, and access privileges remain updated and compliant.

In a recent GovLoop survey, only 26 percent of respondents said that individual permissions were reviewed at least once a year for appropriateness. This is likely because 64 percent of respondents said their IT staff were charged with monitoring user activity for policy violations and 58 percent said the IT department maintained user password compliance. The labor and cost required to review so many records is untenable. However, an automated central IAM system ensures review occurs on a routine basis, without burdening security personnel or costing more for the agency.

For those tasks that are still best assessed by department personnel, this automated function can actually push administrators throughout the organization to periodically scrutinize access privileges, so that exceptions to standard role assignments are thoroughly reviewed. Conrad said, “You can set it up so that person has to actually evaluate that access on a scheduled interval, whether it’s once a year or once a week. So that when this person moves around throughout the organization, they don’t get what we call ‘access bloat.’” This also ensures that access levels remain regulatory compliant, even as users transition to new roles or depart the organization.

To compound these benefits, automation can also be leveraged to gain buy-in for IAM projects-at-large. “When you can show that cost savings on that time for a completely automated solution that actually enhances the security and enhances the administrator experience, the ROI just follows,” said Conrad.

To learn more about identity and access management, read our full report.