The compliance benefits of Windows identity and access management

By now it's been pretty well established that compliance is a driving force behind many Windows management and security initiatives. It's an approach I don't agree with, but it's still the reality.

Whether it's tactical or strategic, you need to be able to justify expenditures related to compliance. Identity and access management (IAM) is one of those technologies that makes such justifications pretty simple.

First, it's important to understand that compliance, as we know it in IT, is the act of adhering to certain established government and industry regulations. Looking deeper, compliance is really about implementing a system of technologies, documentation and processes that helps demonstrate that the business is doing what it's supposed to be doing to keep information private and secure. Visibility, control and automation are key to making it all work.

Given the criticality of user provisioning and controlling access to sensitive information, IAM is arguably one of the most important technologies to have -- that is, if you want to be in compliance with HIPAA/HITECH, PCI DSS, GLBA, and so on. Just how does identity and access management play into the compliance equation? Here are several good reasons:


  1. Managing a large number of users is tedious and repetitive. Numerous Windows operating systems and applications mean several data entry points and a greater opportunity for errors. The regulators and auditors probably won't spare any pity since you can mostly automate this process using the right IAM technology.
  2. The mantra of many regulations is to ensure that users have a "business need to know." Identity and access management technologies allow you to focus on roles rather than people, so you can get it right the first time and not have to continually tweak user rights.
  3. The visibility, control, and automation necessary for compliance also happen to be the cornerstones of change management. Managing changes in a large Windows user base both efficiently and effectively is only possible with good IAM technologies and business processes.
  4. Compliance has its roots in policies, but those policies are only as good as their level of enforcement. In all but the smallest of organizations, policies for user provisioning and access control can only be reasonably enforced using identity and access management tools.
  5. System auditing -- being able to prove something did or did not occur -- is key for compliance. Relying on tools built into Windows and related applications for audit insight can be futile. A good IAM product solves this problem.
  6. Being able to demonstrate compliance within your user administration processes requires consistency, timeliness and integrity -- three things that are at the heart of identity and access management.

Compliance isn't a one-time deal but rather an ongoing mode of operation. Use solid IAM tools to your advantage and they'll not only pay for themselves but also provide you the consistency needed to achieve and maintain compliance down the road. This ultimately helps minimize business risk, which is one of the reasons those of us in IT exist anyway. Everyone wins.

Kevin Beaver, CISSP, is an information security consultant, expert witness, seminar leader and keynote speaker with Atlanta-based Principle Logic, LLC. Kevin can be reached at www.principlelogic.com.

This was first published in July 2010
