If you step back and think about what the central control center of your IT infrastructure is, what would your answer be? Would it be your AWS infrastructure? Would it be your network management system or your Nagios implementation? How about your configuration management system like Chef or Puppet? I’d argue that it is none of the above; I believe it is your identity infrastructure. Who connects to what IT resources is central to any organization.
Understanding and Assigning User Roles
Before we talk about the technology side of this discussion, it may be even more important to discuss the organizational and management issues. As an organization grows, determining each person’s user access is a critical decision. There are a number of factors at play, including confidentiality issues, compliance and audit issues, and security concerns. In most cases, organizations start to segment access to data and applications over time to ensure that their security requirements are met. The challenge, though, is to be clear on how to make decisions about that access. This poses questions such as: Should developers have access to production infrastructure? Do customer support or SEs need access to the development environment? Does your marketing team need access to the VPN to AWS? If possible, IT admins should create a chart that shows the various “roles” or types of employees in the organization and assign user access accordingly. This structure will go a long way toward ensuring that your IT organization centrally controls the levels of access.
Implementing Access Controls
Once you know how to break out access levels, the next step is to find the right solution that will let you implement these controls. There are a number of considerations when building your identity infrastructure. We have detailed some of the key considerations below:
- Core source of identity truth – In order to connect and manage your users and their access, you’ll need a central spot from which to control them. That means having a core place where all of your corporate identities live. That spot needs to be flexible enough to federate your identities to other platforms, but also secure enough that nobody else can get hold of your identities.
- Control over devices – One portion of this area is straightforward – your workers need access to their desktops and laptops. It starts to get more complicated as you add in your servers where an assortment of people need varying levels of access. You may want to provide some of your team the ability to have “read” access but not “write” access. It’s important to be able to plan for how you’ll execute permissions right down to a granular level.
- Control over applications – With employees using more applications than ever, IT needs to ensure that the right people have access. For starters, that’s just a function of making your team productive. Secondly, you need to make sure that you’ve secured access so that the right people have the right access to your applications (and the underlying data in those applications).
- Control over data – Your file systems need to be controlled as well. Determine who can access what files on shared drives. If you move to SaaS architectures, it is critical to take extra care when assigning permissions. A whole category of third party tools exists to ensure that the right people have proper permissions.
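The “roles chart” from the first section and the read-versus-write granularity from the device bullet can be expressed directly as a role-based access check. The following is an added example, not code from the original article or from any particular product: the role names, resources, and user-to-role assignments are constructed for illustration, and in a real deployment they would be loaded from the directory or identity provider that serves as the source of identity truth. The evaluator denies by default, so an account with no role (or an undefined role) gets nothing, and the audit helpers answer the review questions the article poses, such as who can write to production.

```python
"""
Role-based access evaluator (added example, not the article's own code).
Assumptions (constructed for illustration): the role names, resources and
user-to-role assignments below are made up; a real deployment would load
them from the directory or IdP that acts as the source of identity truth.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

Permission = Tuple[str, str]  # (resource, action), e.g. ("prod-servers", "read")

# The "roles chart": each role lists exactly the (resource, action) pairs it grants.
# Anything not listed is denied; there is no wildcard or "admin" catch-all role.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "developer": frozenset({
        ("dev-env", "read"), ("dev-env", "write"),
        ("prod-servers", "read"),            # read-only visibility into production
        ("source-repo", "read"), ("source-repo", "write"),
    }),
    "sre": frozenset({
        ("prod-servers", "read"), ("prod-servers", "write"),
        ("dev-env", "read"),
        ("aws-vpn", "connect"),
    }),
    "support": frozenset({
        ("ticketing-app", "read"), ("ticketing-app", "write"),
        ("customer-db", "read"),
    }),
    "marketing": frozenset({
        ("marketing-share", "read"), ("marketing-share", "write"),
    }),
}

# Constructed user-to-role assignments (in practice these come from the central directory).
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"developer"},
    "bob": {"sre", "developer"},
    "carol": {"support"},
    "dave": {"marketing"},
    "eve": set(),               # provisioned account with no role yet: denied everything
}


@dataclass
class Decision:
    allowed: bool
    reason: str


def check_access(user: str, resource: str, action: str) -> Decision:
    """Deny by default: allow only if some role held by the user grants (resource, action)."""
    roles = USER_ROLES.get(user)
    if roles is None:
        return Decision(False, f"unknown user {user!r}")
    for role in sorted(roles):
        if role not in ROLE_PERMISSIONS:
            # A role assigned in the directory but missing from the chart is a config error;
            # fail closed rather than guess.
            return Decision(False, f"user {user!r} holds undefined role {role!r}")
        if (resource, action) in ROLE_PERMISSIONS[role]:
            return Decision(True, f"granted by role {role!r}")
    return Decision(False, "no role grants this permission")


def who_can(resource: str, action: str) -> List[str]:
    """Audit helper: every user able to perform `action` on `resource`."""
    return sorted(u for u in USER_ROLES if check_access(u, resource, action).allowed)


def effective_permissions(user: str) -> Set[Permission]:
    """Union of all permissions a user's roles grant, for periodic access reviews."""
    perms: Set[Permission] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, frozenset())
    return perms


if __name__ == "__main__":
    for user, res, act in [("alice", "prod-servers", "write"),
                           ("bob", "prod-servers", "write"),
                           ("dave", "aws-vpn", "connect"),
                           ("eve", "dev-env", "read")]:
        d = check_access(user, res, act)
        print(f"{user:6} {act:8} {res:16} -> {'ALLOW' if d.allowed else 'DENY'} ({d.reason})")
    print("can write prod-servers:", who_can("prod-servers", "write"))
```

Keeping the role chart as explicit (resource, action) pairs, with no wildcard role, is what makes the access review questions answerable: `who_can` and `effective_permissions` are simple set operations over the same data the enforcement path uses, so what auditors see is what the system actually enforces.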
Most organizations need multiple solutions to cover their identity management infrastructure. It is mission critical: it sits at the core of the IT infrastructure, it is what lets your team get its work done, and it is what enables you, as an IT professional, to keep your company’s IT resources functioning properly.
If you would like to learn more about how identity management serves at the center of an organization, drop us a note. We would be happy to discuss it with you further.