Our Identity Governance & Administration (IGA) services include
Unclear allocation rules for authorisations, impersonal privileged user accounts and the re-certification or auditing of roles / authorisations and authorisation assignments are all challenging for companies. Operational risks can be identified, assessed and corrected with a check.
Our Identity Governance & Administration (IGA) authorisation check is based on a framework that systematically analyses processes and systems, such as the HR processes Joiner, Mover and Leaver.
The IGA authorisation check includes:
Analysis of existing authorisation structures
o Access quality in accordance with the need-to-know principle
o Roles and authorisations in accordance with the need-to-know principle
o Segregation of duties
o Number of logins or the frequency of hits or use of the application
o Number of failed logins
o Use by emergency users
Analysis of existing authorisation and role concepts
Deviations from current guidelines and directives in force and optimisation opportunities are highlighted in detail. This makes it possible to initiate measures and implement quick wins at short notice. The IGA authorisation check can be carried out as a one-off or in the form of a regular service.
In addition, it is also possible to carry out customer-specific IGA checks such as outlier checks, checks on the standards used or subject-specific checks on (Cloud) Privileged Access Management (C)PAM, Consumer/Customer IAM CIAM and other characteristics.
IGA organisational analysis goes beyond authorisation analysis by covering the tiers of organisation, process and people. This requires an understanding of processes and how they are implemented, as well as organisation. It is also important to understand how people are integrated into the processes and organisation, how they behave and act, and what happens in day-to-day business.
The following aspects are specifically highlighted:
Organisation: Analysis of the organisational structure
Process: Analysis of the IAM processes and how they are implemented within the organisation
People: Analysis of service providers, their tasks and duties
You will be given a well-founded basis on which to take decisions, including specific measures for your IGA. InfoGuard incorporates a variety of procedures, (international) frameworks, industry specifications and good/best practice.
Having a solid IGA foundation is a prerequisite for achieving your strategic security goals. That’s why our IGA concept covers people, process and organisation alongside technological aspects. Proven good and best practice enables us to focus on practical applicability.
The IGA concept includes:
- Needs assessment, including recording and documenting the ACTUAL situation
- Identification of requirements with a description of the requirements for the processes, systems and organisation
- Description of potential use cases
- Preparation of the measures / proposal of a solution
- Identification of alternative solutions and assessment of them
- Drawing up of the roadmap to implement the IGA concept