A centralized identity and access management (IAM) system makes life easier for everybody in your organization. Malin Ridelius, product specialist at identity and security company Nexus Group, guides you through the 11 steps needed to take control over your management of physical and/or digital access.
All organizations protect their facilities and digital resources with some kind of access control systems. And most organizations have many different systems from different vendors to accomplish this, for example, different physical access control systems (PACS), different vendors for access cards and PC login cards, a human resources (HR) system from yet a different vendor, and so on. The process of making sure the right people have access to the right resources is often handled manually.
This means that the organization has no holistic view, and the manual process often fails. Access and PC login cards get lost, people join and leave the organization, employees change roles and companies are merged – without a centralized support system it is difficult to ensure that the identities and credentials reflect the actual reality.
Implement a centralized (IAM) layer with Nexus PRIME
The solution to this problem is to put a centralized identity and access management (IAM) layer on top of all of the different systems. The IAM system fetches information from, for example, the HR system or Microsoft’s catalogue service Active Directory, applies your entitlement rules to the user information, issues the relevant credentials, and updates all physical and digital access control systems accordingly. When all major processes for issuing, changing and revoking identities and their credentials are handled in one centralized system it is also possible to ensure traceability and auditability, which is required by the EU’s General Data Protection Regulation (GDPR).
Some organizations feel it is too big of a step to centralize both the digital and physical IAM at the same time, and therefore may decide to start with one of the parts. The course of action is the same, no matter if you start with your physical or digital access, or if you decide to include both parts from the start.
The 11 steps to take control of your management of physical and/or digital access:
- Get management’s attention.
- This is a crucial factor when you want to make a major change like this.
- Get budget.
- Make a thorough as-is analysis.
- What systems do we have?
- What interfaces do we have?
- What departments and users are involved?
- What processes for IAM do we have?
- What are the most important use cases, and which exceptions are there?
- What data needs to be migrated?
- Make a thorough to-be analysis.
- What do we want to achieve?
- Which systems do we want to replace?
- Which interfaces do we need?
- Which processes need to be reflected in the IAM system?
- Which users will be affected and which authorizations and permissions will they need?
- How is legacy data to be migrated?
- Will there be a data cleansing before or during the migration?
- Which system will be the leading in case of differences?
- How much work can we do on our own, and how much will have to be done by the IAM vendor or other service providers?
- If we need to involve other service providers: which?
- Which hardware and/or software will be needed?
- Who will be responsible on field level for data governance?
- Who will act as compliance manager?
- Make a concept plan for how to reach the desired to-be situation.
- The plan should include a detailed description of the to-be situation and the measures and steps to be taken in order to reach this goal. It should also describe the exclusions: what is out of scope and will therefore not be done?
- Get a sign-off on the concept plan.
- Implement the concept plan. This is usually done with the help of the IAM vendor or other service providers.
- Test the new IAM system.
- Get a sign-off on the new IAM system.
- Carry out employee trainings.
- Go live with the new IAM system.