Wednesday, April 2, 2008

Worst practices: Exposing IAM blunders

Joel Dubin exposes the most common IAM blunders, and enlightens information security professionals on how to prevent these mistakes. OK, it's a bit basic, but they are still problems. I thought the article was uninteresting, but two things caught my attention:

1) multiple logins for multiple applications (listed as the sticky note syndrome)

2) "ghost" passwords - which are more precisely "ghost" accounts, not just passwords; they are logins that should not exist.

If you are correlating any and all identity profiles in your enterprise, then these orphaned accounts can be properly detected AND accounts could be linked to aggregate same-user profiles from the various applications, enabling true SSO. No more multiple logins, no more "ghost" or rogue accounts. 

Utilize an abstraction layer to virtualize sources together, correlate identities, and provide provisioning for identity lifecycle management. Delivering identity data from a central virtualized source can solve this problem. If your environment is a dynamic and ever-changing business (and whose isn't these days) then this is the only way to go.
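A minimal sketch of the correlation step described above, added here as an illustration and not taken from the article or any product. It assumes a normalized e-mail address is the join key and that an account whose owner is missing or inactive in an authoritative roster counts as a "ghost"; all names and data are constructed.

```python
from collections import defaultdict

# Constructed sample data: an authoritative roster plus per-application exports.
HR_ROSTER = [
    {"employee_id": "E100", "email": "alice.ng@example.com", "active": True},
    {"employee_id": "E101", "email": "bob.ruiz@example.com", "active": True},
    {"employee_id": "E102", "email": "carol.diaz@example.com", "active": False},
]
APP_ACCOUNTS = {
    "ldap": [{"login": "ang", "email": "Alice.Ng@example.com"},
             {"login": "bruiz", "email": "bob.ruiz@example.com"},
             {"login": "cdiaz", "email": "carol.diaz@example.com"}],
    "crm": [{"login": "alice", "email": "alice.ng@example.com"},
            {"login": "svc_import", "email": ""}],
    "payroll": [{"login": "b.ruiz", "email": "BOB.RUIZ@example.com "},
                {"login": "temp01", "email": "temp01@example.com"}],
}

def normalize(email):
    """Join key (assumption): e-mail compared case- and whitespace-insensitively."""
    return email.strip().lower()

def correlate(roster, app_accounts):
    """Return (profiles, ghosts).

    profiles: employee_id -> [(app, login)], the aggregated same-user view.
    ghosts:   [(app, login, reason)] for accounts with no valid owner.
    """
    by_email = {normalize(p["email"]): p for p in roster if p["email"].strip()}
    profiles = defaultdict(list)
    ghosts = []
    for app, accounts in sorted(app_accounts.items()):
        for acct in accounts:
            person = by_email.get(normalize(acct["email"]))
            if person is None:
                ghosts.append((app, acct["login"], "no matching identity"))
            elif not person["active"]:
                ghosts.append((app, acct["login"], "owner inactive"))
            else:
                profiles[person["employee_id"]].append((app, acct["login"]))
    return dict(profiles), ghosts

if __name__ == "__main__":
    linked, orphaned = correlate(HR_ROSTER, APP_ACCOUNTS)
    for emp, accts in linked.items():
        print(emp, "->", accts)
    for app, login, reason in orphaned:
        print("GHOST", app, login, reason)
```

Accounts flagged as ghosts are candidates for review rather than automatic deletion, since service accounts such as the constructed `svc_import` legitimately lack a human owner and need a separate ownership record.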
