Wrap-up

Let’s wrap up what you have learned.

• Governance and sponsorship is fundamental to the success of any identity and access management implementation. We need buy-in from our senior leaders within the organization to provide support and sponsorship, and to model good behavior.
• Effective communication and the involvement of stakeholders will also help us ensure that our organization remains aligned. It’s so important to have elements of the business technology and security teams involved in the formation and management of our identity and access management solution. This is done to make sure that the solution is practicable, that it can be enforced, and that it meets their needs. This will help to maintain an appropriate security posture and to ensure that the documents remain current.
• Policies and procedures describe how we work and how we meet the requirements of the organization of any regulatory or legal requirements. These are needed to make sure that we have a standard to comply with and this communicates our approach effectively. If we can embed these within electronic systems, it also gives a much better opportunity to ensure compliance. If the only way we can work is through the use of this particular policy or this process that’s embedded within an electronic solution, it removes the ability for people to operate in a way that isn’t in keeping in line with that.
• Risk helps define our approach to the use of identity and access management and the associated control activities. We hear very often now that security is more generally a risk-based activity and that our approach to identity and access management relates directly to the risk and the risk appetite of the organization. So, we need to understand the risk landscape, the likelihood and probability of potential problems occurring, and how we can mitigate some of those risks through the use of controls.