Abstract

Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim at standardizing user management policies in order to reduce administrative overhead and strengthen IT security. These policies provide the foundation for every identity and access management system no matter if poured into IT systems or only located within responsible identity and access management (IAM) engineers' mind. Despite its relevance, hardly any supportive means for the automated detection and refinement as well as management of policies are available. As a result, policies outdate over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection and enforcement without providing the required guidance for policy management nor necessary instruments to enable policy adaptibility for today's dynamic IAM. This paper closes the existing gap by proposing a dynamic policy management process which structures the activities required for policy management in identity and access management environments. In contrast to current approaches, it utilizes the consideration of contextual user management data and key performance indicators for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides an evaluation based on real-life data from a large industrial company.

Highlights

  • The efficient administration of employees’ access to sensitive applications and data is one of the biggest security challenges for today’s organizations [1]

  • In order to overcome the existing limitations, this paper introduces the dynamic policy management process (DPMP) for identity and access management (IAM)

  • We argue that a comprehensive process model is required for structuring policy management in a company-wide IAM

Read more

Summary

Introduction

The efficient administration of employees’ access to sensitive applications and data is one of the biggest security challenges for today’s organizations [1]. Large organizations manage millions of user access privileges across thousands of IT resources. Due to ineffective and application-specific user management, employees accumulate excessive access rights over time. Most users are overprivileged, meaning they are assigned more permissions than necessary to perform their work. Organizations implement a company-wide identity and access management (IAM) system for the centralized management of digital identities [2]. This enables organizations to implement standardized user lifecycle processes, reduce security vulnerabilities and comply with existing national and

Objectives
Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.