Managing access rights in an enterprise's corporate network is, frankly, not the most interesting task and not a simple one, but it is necessary. If the company is small, it tries to organize the process manually. What comes of that, especially as the business grows, and how this area can be managed while saving both people and time, I'll tell you.
…Once upon a time there lived the owner of a small company. Following ancient recipes, he brewed honey for the townsfolk before the holidays. And once he began adding all sorts of healthy things to his products and developing his own recipes, there was no end of customers. The fame of his establishment spread far across the region.
He equipped his production with overseas software-controlled equipment, recruited a couple of dozen workers and sat them at computers, where they sit and work. All is well…
The business grew, and in three years five hundred people had joined the company. Heads of departments appeared, and they had subordinates. His own honey was no longer enough, so he agreed with the neighboring beekeepers on the supply of raw materials. The departments had different business processes, all sorts of regulations approved from above, and even some information systems. The owner realized that this whole household had to be put in some order, and wrote a decree. And the staff began going to one another, shuffling papers and asking for access. All kinds of interesting cases happened here. What they were, we tell below.
Case 1. The marketer comes to the sysadmin: “I bow to you, good man, give me access to ‘2C: Enterprise’; I need to coordinate a contract with the lawyers and accounting.” “No problem,” he replies. “Just fill out the form for me in full, and be sure to specify all 10 parameters.” The marketer left with nothing, and for a long time: to think it over, gather the information and fill in the form.
Case 2. The head of the external relations department wanted to give the beekeepers access to the company's systems, so that they could track their deliveries and not be late with their supplies. But this is a serious matter: there are now so many suppliers that you cannot let just anyone into your own domain, so it has to be agreed with the head of information security. And he was on vacation, digging his garden in the village of Kukueva. So the suppliers were left to wait for his return from the garden.
Case 3. The head of sales introduced in his department a special program that stored all customer information and the history of customer relationships, and only sales used it. Things went well in sales, and it was very convenient: whenever a salesperson needed customer information, he went into the application, found the customer and learned all his secrets, all his whims and wishes.
One annoyance: all sorts of people began to ask for access to this program, marketers and financiers and others besides. And since they seemed to be asking for access in order to increase sales and improve customer service, how could he not give it? As a result, the head granted permissions to everyone who asked, and a year later could not understand who was going into his program, why, and what data they were pulling from it. For a year he sorted it out by hand together with the technicians (a “recertification of access rights”, to use the fashionable term), and never finished: they drowned in paperwork and procedures.
Case 4. Five hundred workers are not twenty. Accounts have to be issued and blocked for them, and access to different systems, such as the sales one, has to be granted, and all of it by hand. And the one and a half sysadmins (one worked half-time) became galley slaves: part of their time went to managing access rights for workers, and the rest to putting out fires (restoring the network after crashes and failures and repairing equipment). All other work duties were usually done overtime and on weekends. The guys grew dispirited…
Case 5. When business is going well, that is usually where envy appears. One day an incident happened: one of the secretaries stole the new recipes and the customer base and handed them to competitors for a lot of money. As usual, it was not noticed immediately, but only when customers began to go to the competitor en masse. So it had to be figured out how this miscreant got access to the secrets, who gave him that access and for what reason. This responsible task was entrusted to an employee of the information security service: investigate this fact, my dear fellow, by hand and by eye. The security officer dug for a long time, both deep and wide, but how can you make sense of it: six months had passed since the misdeed, and the corporate environment had changed, and so had the business processes. In the end they gave up on it, and the company went on working…
Let us turn, however, from fable to reality. In a modern company of a similar scale, the access control process described above looks something like this (see Scheme 1):
Familiar? Yes. Convenient? No. Effective? No, especially given the total digitization of recent years.
As you can see, if a company pays insufficient attention to access control and identity management, the cost of solving such problems manually can be enormous! What to do? Change the approach, of course. Authentication and authorization management is the key to security and matters to every department. Let's see how the wise owner of our already big company coped with this task.
… And he looked at all these cases and realized: it is time to automate the process of access control. By that time, the number of employees was already close to a thousand souls.
He called the good fellows onto the carpet, the techies and the security officers, and said: “Get me a system that works like a magic tablecloth. So that it creates user accounts by itself when people are hired, grants them basic access rights, and blocks the accounts when they are dismissed. So that it blocks access during sick leave and vacation. So that an employee who needs something can quickly create a request in it, and the request itself goes for approval to whoever must approve it. And so that it identifies and eliminates, in a timely manner, any violations of the rules for granting access and all kinds of conflicts. And so that it quickly produces all the historical access information, whether from a month ago or a year ago, for reports to all kinds of auditors and regulators. And so that it is useful for investigating various incidents.”
The security officers and technicians thought about what the system should be like, and realized that it was time to implement IdM (identity management), or better still, an advanced IGA (identity governance and administration)! What kind of wonder is that? There are no miracles here: the system itself gives all workers access when and where it is needed. How is it so skilful? Through automated management of the user lifecycle, based on current policies and on the infrastructure created to support this process.
What is it, this magic tablecloth? First, it identifies and analyzes users' rights: what was granted, when, on what grounds, and by whom. Second, it makes the decision itself (according to the policies): grant the requested access or show the door. It creates reports itself (on demand) when an audit or access certification is needed. And it controls the lifecycle, manages roles in all information systems and does not grant anything unnecessary. Such are the miracles!
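A minimal sketch of what the owner asks for above: accounts that follow the HR lifecycle, requests checked against policy, and an access history that can be replayed for any date. This is an added example, not code from the article or from any IGA product; the `Iga` class, role names, entitlements and the conflicting pair are hypothetical, and events are assumed to arrive in date order.

```python
# Constructed policy data: role -> entitlements, and sets nobody may hold together.
ROLES = {"sales": {"crm:read", "crm:write"}, "marketing": {"crm:read"},
         "accounting": {"erp:pay"}, "procurement": {"erp:add_vendor"}}
SOD = [{"erp:add_vendor", "erp:pay"}]

class Iga:
    def __init__(self):
        self.people = {}   # name -> {"status", "roles", "extra"}
        self.log = []      # append-only: (day, user, entitlement, action, reason)

    def effective(self, name):
        p = self.people[name]
        if p["status"] != "active":   # on leave or dismissed: everything is blocked
            return set()
        return set().union(p["extra"], *(ROLES[r] for r in p["roles"]))

    def _apply(self, day, name, change, reason):
        """Apply a change and log the resulting difference in effective access."""
        before = self.effective(name) if name in self.people else set()
        change(self.people.setdefault(name, {"status": "active", "roles": set(), "extra": set()}))
        after = self.effective(name)
        for ent in sorted(before ^ after):
            self.log.append((day, name, ent, "grant" if ent in after else "revoke", reason))

    def hr_event(self, day, name, status, roles=None):
        """Hire, transfer, leave or dismissal, as reported by the HR system."""
        def change(p):
            p["status"] = status
            p["roles"] = p["roles"] if roles is None else set(roles)
        self._apply(day, name, change, f"hr:{status}")

    def request(self, day, name, ent, approver):
        """Policy decision: refuse inactive users and separation-of-duties conflicts."""
        would_hold = self.effective(name) | {ent}
        if self.people[name]["status"] != "active" or any(c <= would_hold for c in SOD):
            self.log.append((day, name, ent, "deny", "policy"))
            return False
        self._apply(day, name, lambda p: p["extra"].add(ent), f"approved by {approver}")
        return True

    def who_had(self, ent, day):
        """Replay the log: who held `ent` on `day`, and on what grounds."""
        held = {}
        for d, user, e, action, reason in self.log:
            if e == ent and d <= day and action == "grant":
                held[user] = reason
            elif e == ent and d <= day and action == "revoke":
                held.pop(user, None)
        return held
```

Because every grant and revoke is derived from a state change and appended with its reason, the question from Case 5 (who had access, who gave it, and why) becomes a lookup with `who_had` instead of a six-month investigation.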
And the wise owner introduced this miraculous system in his company. And when he analyzed the effect, he gasped:
the time business people spent approving requests, auditing access rights (in our terms, certification) and so on fell by 53%;
the number of unnecessary users in company systems decreased by 15%, and the number of requests to sysadmins decreased by 85%;
plus, it became 50% easier to get data on thefts from the systems.
And as a result, all the employees of our already big company were happy!
… Now, back in reality, let's see how the access control process described in Scheme 1 has changed as a result of using the IGA system (see Scheme 2):
To sum up: when the rights management process is designed and automated, companies do not need to allocate more and more resources just to stay afloat and provide the level of service and security the business needs. It is a very tangible way to reduce the resource costs of access control.
That's the end of the fairy tale! And I was there, drinking sweet honey, and telling how to make the access control process simple and effective, so that everyone can easily save money. And, of course, secure: so that access is obtained quickly and regulations are not violated.
IT-Expert Magazine [№ 01/2020]