Start With a Clean Directory - Identity and Access Management (IAM) can be frustrating. IAM projects quickly become increasingly complex and are characterised by a low success rate. Indeed, 4 out of 5 IAM initiatives fail to deliver. In many cases, the state of Active Directory (AD) is to blame. Since AD is the primary identity store for most organisations, it is mission-critical to achieve IAM success. Consider that 91% of organisations lack a process to determine group/resource ownership, 76% are unable to determine who has access to their data and over 90% manage AD manually, without the aid of automation. The reason is simple: native AD tools have their limitations. There is no single-pane insight into the structure of AD, it doesn’t enforce limits on group nesting, changes in AD cannot be tracked adequately and so on. On top of that, AD is ever-changing, because the business is ever-changing. It is not so surprising that on average organisations have a 3:1 group to user ratio, is it? If you wish to learn more on how to tackle these challenges, how to clean up AD and optimally prepare for your next IAM initiative, please visit our Directory Management page.
Set Flexible Authentication Policies - Configure strong authentication by finding the right balance between security and operations. In most cases, Metastore advises its customers to go tokenless or use what is already out there. If your environment requires it, build a strong security case to justify the TCO of rolling out your own token. For many organisations a mix of both token and tokenless second factors will be the preferred solution to balance both security and convenience for different user groups. Prepare for the future and allow yourself the flexibility to cherry pick the most appropriate authentication mechanism for different types of users from a comprehensive platform. Enhance the user experience of multi-factor authentication (MFA) by making it risk-aware, allowing for dynamic authentication and authorization decisions based on a risk score.
By implementing IAM
Deal with Bring Your Own Device - The reality today is that you deal with BYOD, whether you like it or not. Users want to use their devices to access corporate resources and they do not understand or care about the security implications. Tried standardising on Windows, but then sales started using tablets and your CEO brought along his brand new Mac? You’re not the only one. Bottom line, you need to start thinking about enabling this while maintaining the same level of security. Our approach is based on Active Directory integration, a unique combination of mobile application management and device management capabilities, while enabling users with self-service. You define the rules of the game; your users do the rest.
Deal with the Cloud - Another reality today is the Cloud. Noticed that users are using dropbox, box, salesforce, office 365 … on their different devices but you fail to shield corporate applications from private ones? Discover which Cloud applications employees are using. Keep a central overview, decide which applications may be used by which users on which devices with the right security policies in place. Again, our approach is based on Active Directory, providing Single Sign-on, a central administrator’s interface, an app store for users to pick from the corporate catalogue and push it to their different devices. Out of the box, we support over 2000 third party SaaS apps and provide self-service capabilities. Again, you define the rules of the game; your users do the rest.
Collaborate with Other Businesses - Say that your organisation provides online services to many businesses. You have a collection of apps that you wish to provide to (or share with) those partners or customers. Providing credentials and defining coarse- and fine-grained access rights for all these external users seems like a daunting task. Of course you know of Active Directory Federation Services but that would require you to configure a federation server for all these different parties – and worse: you’ll have to ask them to do the same. We can help you overcome these challenges and tailor a solution that fits your requirements, your environment and that of your customers. Our approach empowers your partners or customers to manage their own user access rights to your different apps, while you keep complete overview and control. Define the rules of the game; share the workload.
Keep a Complete Audit Trail - This one is self-explanatory. We consolidate all the logs above (and others) in a complete audit trail, from which you can draw business intelligence and comply with regulations. We won’t go into details here, please visit our Identity Governance & Analytics page.