Provisioning has typically been about increased efficiency and reduced cost. But, it's time to extend the ROI into security and compliance as well. I've had a number of conversations over the past two weeks with provisioning vendors and industry consultants. They confirmed that the organizations they work with are asking for this. The same organizations that deploy provisioning solutions are confronted with compliance tasks and demand for improved security. They want the identity infrastructure that enables work flow efficiency to provide the compliance benefits as well. Provisioning vendors have made progress in terms of logging system activity, but there's no way for them to prevent authorized administrators from leveraging direct access to the directory to get around the work flow. Today's niche identity and security vendors have improved on this by providing security and audit-ability on the complete set of activity taking place in the identity infrastructure. I'm in the process of writing an article on this for one of the security trade mags. I'm interested in your feedback on this topic.
Would you like to be quoted? Would you like to be mentioned as a consultant that understands this proposition? Would you like your vendor's technology to be included? Let me know or leave a comment.
1 comment:
Matt -
I started to respond to your post, but my comment grew into a post of it's own. So I posted my response as a blog entry at ArtofInfoSec.com:
Risk ROI for –Some– Provisioning Solutions…
Cheers,
Erik
Art of Information Security
Post a Comment