The 4 Web Access Management Problems that Lead to Regulatory Fines (SlideShare)

Courtesy of InfraMatix

http://www.IDMChecklist.com

The 4 Web Access Management

Problems that Lead to Regulatory Fines

http://www.idmchecklist.com/

The legislation reads, in part,

that a company must verify

Sponsored by http://www.IDMChecklist.com

Veera Sandiparthi Founder of InfraMatix


“…company transactions are

properly authorized, recorded,

and reported according

to GAAP, and that assets

are safeguarded from

unauthorized use.”




The optimal word here is

“authorized”




Web access management

tools, like Oracle Access

Manager or CA Single Sign-On,

check two items:




Credentials




Credentials are the user ID

and password




Authorization




Authorization is the process

of checking the user for

proper authority to access

the application




In identity management (IDM)

systems, this authorization

is usually driven by “roles”




Roles are an abstraction

that sets the attributes, groups,

and DN (Distinguished Name)

of the user in LDAP (Lightweight

Directory Access Protocol)




or Active Directory

(e.g., title=VP; cn=banking;

ou=operations, dc=company,

dc=com)




Web Access Management

Mistakes




There are two general areas

where a single sign-on,

web access system can

go wrong with regards

to granting access:




(1) problems in the access

management tool itself




(2) problems with user

provisioning




Replication and Sync Issues




In a high-availability

environment, the web access

manager load balances

between LDAP or Active

Directory user stores




These can have latency issues

with replication




A change made in one server

might not make it to another

server for several hours




Offboarding




Any technical or procedural

problems with the IDM system

will leave people with access

they should not have




Lack of a Common Approach




When the web access

manager is responsible for

authorization,




risks can be prevented unless

the policies in the access

manager are driven by roles

granted by an IDM system




Proprietary Provisioning




If the web access manager

handles authorization for those,

then these ERP systems need

to replicate the roles in those

systems to the common

user store




Bottom Line




The take away message here

is that a web access

management system should

be coupled with some kind of

IDM system in order to reduce

the kinds of errors listed above




and, ultimately, regulatory fines




This gives one system control

over the data used as the

source for web access

management




What is your experience

with web access

management products?




Please share your thought

in the Comments box below.




Copyright © InfraMatix

Is Your Company Adequately

Protected from Security Risks?

Download the Free

8 Point Identity Management

Checklist Now at

http://www.IDMChecklist.com


Technology

The 4 Web Access Management Problems that Lead to Regulatory Fines (SlideShare)