Abstract

Due to compliance and IT security requirements, company-wide identity and access management within organizations has gained significant importance in research and practice over the last years. Companies aim to standardize user management policies in order to reduce administrative overhead and strengthen IT security. These policies provide the foundation for every identity and access management system, whether they are implemented in IT systems or exist only in the minds of the responsible identity and access management (IAM) engineers. Despite their relevance, hardly any support is available for the automated detection, refinement and management of policies. As a result, policies become outdated over time, leading to security vulnerabilities and inefficiencies. Existing research mainly focuses on policy detection and enforcement without providing either the guidance required for policy management or the instruments needed to enable policy adaptability for today's dynamic IAM. This paper closes the existing gap by proposing a dynamic policy management process which structures the activities required for policy management in identity and access management environments. In contrast to current approaches, it considers contextual user management data and key performance indicators for policy detection and refinement and offers result visualization techniques that foster human understanding. In order to underline its applicability, this paper provides an evaluation based on real-life data from a large industrial company.

Highlights

  • The efficient administration of employees’ access to sensitive applications and data is one of the biggest security challenges for today’s organizations [1]

  • In order to overcome the existing limitations, this paper introduces the dynamic policy management process (DPMP) for identity and access management (IAM)

  • We argue that a comprehensive process model is required for structuring policy management in a company-wide IAM


Summary

Introduction

The efficient administration of employees’ access to sensitive applications and data is one of the biggest security challenges for today’s organizations [1]. Large organizations manage millions of user access privileges across thousands of IT resources. Due to ineffective and application-specific user management, employees accumulate excessive access rights over time. Most users are overprivileged, meaning they are assigned more permissions than necessary to perform their work. Organizations implement a company-wide identity and access management (IAM) system for the centralized management of digital identities [2]. This enables organizations to implement standardized user lifecycle processes, reduce security vulnerabilities and comply with existing national and
