Proper control of Identity and Access Management (IAM) is essential to ensure that the right individuals have access to the right resources at the right times. Whether it’s employees, customers, or third parties, user access should be managed appropriately to secure your organization’s data. At a high level, IAM consists of managing the following:
- IAM Program Governance
- IAM Technology
- IAM User and Role Management
There are many topics that must be considered as part of the categories above, like account management, authentication, authorization, access provisioning/deprovisioning, identify lifecycle, reporting, and many more.
Clark Schaefer Consulting provides its clients with the following IAM services to help organizations come up with a plan to address these topics or optimize what they already have in place.
Clark Schaefer Consulting helps clients develop a comprehensive strategy to support all aspects of IAM as well as policies and procedures to support the program. Development of a IAM program requires an established strategy to execute it adequately. Our methodology is aligned with industry best practices such as National Institute of Standards and Technology (NIST), and through the use of this methodology, we assist clients in complying with IAM related regulations and standards.
We also help clients select and implement IAM tools based on their current or desired strategies. More information regarding our methodology for system selection and implementation can be found here. Once a strategy is put in place, many of our clients need a comprehensive review of user access roles to determine how to move from their current state to the optimized state. To do this, we analyze current job responsibilities and related access roles, revise the roles as necessary, identify business processes that will be affected by the changes, and develop recommendations for changes to those processes. Additionally, we facilitate any training that is necessary to help users understand the new role design.