2021-09-27T04:28:00Z

How to convince a client that Identity and Access Management (IdAM) is essential for risk elimination?

AA
PeerSpot user

5 Answers

SP
Real User
2021-09-28T10:03:45Z
Sep 28, 2021

Hi @Amimesh Anand,


It seems important first to analyse the current situation of your client, because then you can easily highlight the main security topics to talk about.


By the way, you can have 2 different approaches, according to the Identities stuff and Roles subjects.


Identities - to guarantee a unique identity to everyone, a manager for everyone, no orphan accounts, accounts are automatically activated/deactivated on the due date, etc.

Role - to be sure everyone is granted (when they need them) specific roles, and roles are removed when they are not necessary anymore. Without role management, it is not possible to easily manage it, except if there are 6 employees in the company.


Those are a couple of examples but the list is quite long, actually.

BH
Real User
2021-09-29T06:40:35Z
Sep 29, 2021

It all depends on the risks but just look at Maersk - NotPetya and other cyber incidents. 


Prevention is so much better than cure! Trust me - it is one year of my life I will never get back.

JB
Vendor
2021-09-28T20:45:45Z
Sep 28, 2021

What's the issue, expense? How does one eliminate risk if they can't positively identify who's logging into the network? Depending upon the devices (endpoints) in use, I'd recommend steering them toward a push MFA solution (Duo is an example). A lot of companies will add simple SMS OTP or those annoying six-digit codes sent to your phone, and while it's better than nothing, the SS7 protocol is susceptible to man-in-the-middle attacks.


If you need some backup material, go download Verizon's DBIR. The #1 attack vector for years running is identity compromise or credential theft.

CW
User
2021-09-28T19:15:58Z
Sep 28, 2021

I think in your initial interview, and evaluation with the client, the necessity will answer for itself.  


What is your normal process for adding a new user? What is your normal process for terminating a user from your system? How much time does that take? How much does that cost? How do you know if you have orphaned accounts? Is it important for you to know who has access to what systems? If so, how do you know that answer? Is it important for you to know who has certain roles in certain applications? If so, how do you determine that?

This is really more of a sales question than a tech question. If you want to get a positive response, throwing tech at them will just give them room to debate or dig their heels in. Find out what their problems are, find out how to help them, let them tell you their problems or processes, and you show them how to solve them. They will be asking you for the solution; you won't have to recommend it.

EL
Real User
2021-09-28T15:24:51Z
Sep 28, 2021

So that we do not give you a textbook answer that may or may not apply, can you help us answer your question by providing a few details about the organization? To help guide any customer, understanding their current environment is imperative. For example: How big is the IT dept, the company? What industry are they in? What workloads are they running? What infrastructure? Etc.


Not too crazy details, but basics.
