“Understanding Identity Management”
Sensitization is about clearing up all kinds of misunderstandings around the topic of Identity Management (IDM) and creating a common understanding of their situation and of IDM among all project participants. This includes the following elements:
- The aim of the sensitization raising phase is to inform everyone involved about what good Identity & Access Management looks like and how the process of an Identity & Access Management project is designed with deron. Everyone then knows the elementary components of the next phases and the corresponding milestones.
- deron clarifies the technical terms and conveys a clear picture of what a company can expect from the topic of IDM.
- We consider the needs of all users (HR, department, works council, IT, compliance/security, etc.) and weigh them up with you. Failing to do so, the processes will end up deviating from the users’ requirements. They are then misapplied, bypassed or rejected, which leads to security vulnerabilities and costs.
- deron takes a close look at the existing user administration and documents the first weaknesses. We not only look at the technical components, but also at communication problems between business department and IT.
- Consequently, we work with you to determine the extent to which an effective IdM requires a combination of processes to be jointly defined by IT and business departments.
- In the “Sensitization” phase, deron will create your own individual cost-benefit overview.
- We deliver initially ideas and options for a future solution scenario.
- The final results report contains all the information and recommendations for action that have been collected. It serves as a central guiding document and argumentation aid for internal communication.
Our Services in Detail
Sensitization is about clearing up all kinds of misunderstandings around the topic of Identity Management (IDM). It is therefore a matter of creating a common understanding of the initial situation and problems within the company for all project participants and “stakeholders”. In moderated workshops, both the necessary basic knowledge and the deeper understanding of why current processes sometimes do not function as they should are conveyed. Our many years of experience and our special project methodology, which is based on agile methods, form the basis for this. Trust that, after these first steps, everyone will speak the same language.
IDM to Introduction
Identity Management, which today is extended to Secure Identity & Access Management (SIAM), is a far-reaching and complex field in which it is essential to maintain an overview. The term IDM is commonly used to describe IT business transactions in which accounts, roles and authorizations of identities (persons, but also objects) are managed and their access is regulated. An sensitization workshop serves to give an initial orientation and to introduce the topic of IDM. Terms are explained and topics such as SIAM, SSO, SIEM or RBAC are defined so that all project participants “speak a common language” and get a clear picture of what to expect from the topic of IDM.
Overview, problems, initial situation
There are many good reasons to deal with IDM, whether as a company as a whole or as an IT administrator, organizational developer, ERP department manager, works council or security officer. Because IDM is not solely a IT problem within the user and authorization administration of the helpdesk. It affects everyone, because almost every employee in a company uses IT resources that need to be managed, including the bus driver, for example, who retrieves his current roster online. But here, at the interface between user (business department) and IT (as a service provider), problems and misunderstandings regularly occur, leading to errors and security gaps and, in turn, to unnecessary risks and costs. It is therefore important for all participants at the beginning of a sensitization workshop to be clear about the starting position and motivation of each individual and to weigh the different requirements and positions against each other.
Discussion of user administration vulnerabilities
If one knows the concrete ACTUAL situation, the real weak points in the current user administration can be exposed quite easily. It regularly turns out that these problems and weak points are not only caused by faulty technology, but are based on insufficient agreements and communication problems between business departments and IT.
IT between the technical infrastructure and the processes of business departments
With the help of the deron 3-layer model, we explain the interaction of technical infrastructure, middleware and the process world in your organization as part of the sensitization workshop. It is important to recognize that only a combination of an IDM and cleanly integrated process sequences can guarantee the success of a project. The requirements of the business department have to be considered. If the departmental requirements are not sufficiently taken into account, there is a danger that the necessary acceptance in the company will be denied – the project will turn into an orphan.
On the basis of the company-specific initial situations, the motivation and the revealed weaknesses, initial approaches to solutions can be outlined in the context of the sensitization workshop. The aim here is to put together initial ideas for the further design possibilities and options of a future solution scenario.
An Identity & Access Management project is always accompanied by a change in the organization. Processes, responsibilities and resources are redistributed if necessary, which of course also necessitates an update of the rules and policies. In order to attempt the next step towards an IDM, it is also important to find out what criteria can be used to evaluate an IDM project in monetary terms, what costs can be expected where and for how long, and to what extent these costs can be justified by an increase in benefits, be it through cost reduction, simplification of processes or increased security.
At the end of the workshop it should be clear for each participant which criteria are used to evaluate an IDM project and which downstream steps are necessary. The elementary components of the next phases & their milestones will be roughly outlined and brought into relation to each other.
The results report contains, in condensed form, all essential information, results and recommendations for further action gathered during the workshop. It serves the participants in the internal communication as a central guideline for argumentation, provides helpful suggestions and illustrates complex correlations in a simple form.