Access Management, one of the main components of IAM (Identity & Access Management), is the process of granting authorized users the right to use a service while preventing unauthorized access.
This includes the following topics:
- Access: Access to services, data and systems
- Identity: The identity of the user, technical system or application that requires access
- Rights / privileges: read, change, write, execute, delete
- RBAC (Role Based Access Control) / ABAC (Attribute Based Access Control)
- SSO (Single Sign-On): web, legacy and cloud SSO
- Authentication / Authorization: Who is allowed to do something and what are they allowed to do?
- Identity Federation: Cross-company Access Management
The breadth of these topics reflects the complexity of Access Management. User account provisioning involves creating, changing, deactivating, or removing user accounts, and defining and managing roles throughout their lifecycles (role lifecycle management).
Access Management, on the other hand, determines which IT systems, processes, data (structured and unstructured) or objects digital identities have access to. From midsize companies to global enterprises, today’s organizations must manage thousands of user accounts and access permissions in complex and dynamic IT environments.
The complexity and dynamics of IT environments are largely determined by the multitude of IT systems and different processes (joiner, mover, leaver), structured and unstructured data, mobility (mobile devices & services) as well as on-premises and cloud solutions.
Special attention should also be paid to unofficial IT (“shadow IT”), where departments use services that do not conform to company standards. This calls for future-proof access management solutions that reduce administrative effort through role-based access control (RBAC) or attribute-based access control (ABAC).
KOGIT offers a comprehensive service portfolio from strategic consulting to the selection, implementation and adaptation of the appropriate access management solution and the creation of roles including documentation, as well as maintenance and support. KOGIT integrates Mobile Device Management and Cloud Access Security into Access Management.
Implementing the access management solution based on proven best practices gives customers the assurance of a short project duration, and with it time and cost savings.
To reduce the complexity of access management projects, KOGIT recommends the 80-20 rule. Instead of building a role model that fits 100% of requirements at uneconomical effort, it is usually advisable to map 80% of the required authorizations with a role model and to cover the remaining 20% with individual authorizations.
This procedure is also known as KISS (keep it simple and stupid). The same applies to process definitions.