Identity, access and governance issues remain a priority or many, yet create a number of hurdles for organisations worldwide.
But these are not their only pain points. Various systems and multiple networks often stand in opposition to a streamlined approach, but are vital to the automation of a workplace.
Saving time for IT managers from floods of password reset calls, for example, allows these teams to focus on more important priorities, but this is not their only headache. In fact, there are several modern headaches that IT manager unfortunately must face.
But there are simple solutions. Let’s take a look.
Consolidation of networks
After a merger, acquisition or downsizing, companies often seek ways to combine their various networks into one; however, existing network structure often no longer meets current requirements, meaning the network administration process must be arranged differently.
Consolidating networks is complex and time-consuming and several keys questions must be asked before undertaking this task.
One of these is: “How is the new Active Directory going to be populated?” The existing Active Directory has been populated over the years. Has this been done manually or automatically using scripts?
If Active Directory has been populated manually, chances are mistakes have been made. For instance, a user account for a former employee is still active. These inconsistencies should not be carried over into the new network, so the system has to be cleaned up.
Another question should be: “What source will be used to populate and enhance Active Directory attributes?” The new Active Directory will have to be populated eventually.
What source system should be used for this? A good solution would be to use the HR system as a basis because this system is meticulously kept up-to-date as it is used for the payroll, etc.
In today’s world we have become accustomed to being able to sort out our affairs from our home PC, laptop or smartphone.
We can pay our bills online, do our grocery shopping or buy an insurance policy with a few clicks of a button. As such, we now expect to be able to find the same type of self-service capabilities in our work environment.
Yet, in many cases this is not possible, particularly when it comes to requesting additional network privileges. These requests often still involve a paper-based process.
The request, for example, will go from the employee to the manager, from the manager to the senior manager and finally to the IT department where the additional access rights will be implemented. This process can be quite laborious, and not particularly user friendly.
However, it is possible to let employees handle the assignment of additional access rights themselves via a self-service portal. The manager responsible for approving the request will receive a notification, usually via email.
When the request has been approved, the software can ensure the requested rights are directly implemented in the network.
These rights will apply for a short period (e.g. 24 hours), during which the manager can revoke them at will. This is convenient, for example, in scenarios where an employee needs to replace a colleague at the last minute and can prove highly useful for various industries, for instance, on-call professionals in Healthcare.
Inconsistencies in the rights structure
Controlling access to file systems has always been a challenge. As the workforce changes, people are provided with access to systems, share accesses change, and access is revoked.
These changes are difficult to track and document. Even with an established process, once changes are submitted they are extremely difficult to report on. Over time, the answer to “who has access to what” becomes impossible to answer.
When a company does not have its rights structure under control, it runs the risk of being non-compliant with certain legislation.
It’s virtually impossible to fully prevent mistakes being made or overlooked with regard to permissions. However, inconsistencies can be curbed as much as possible by automating and standardising the assignment of access rights.
Time – consuming User Account Management
Relying on manual processes for user provisioning in your network can create real headaches for IT. As your company grows, user-account management tasks become more and more challenging.
IT has to manually create, remove and update user accounts in several systems, another very labour-intensive and time-consuming process.
Consider how many new user accounts must be created in numerous systems when a new employee starts work (Active Directory, Exchange, helpdesk system, phone directory, PBX, etc). Changes to personnel are constantly occurring, however, IT is often not informed fast enough, or at all - leading to data inconsistencies and potential security issues.
Furthermore, changes are often not logged properly or implemented consistently. For example, in many workplaces a single employee is responsible for manually updating user accounts, however, if this employee subsequently leaves the company or is away for an extended period of time, there is often no way to tell what has been done in the network.
All of this can result in lower productivity for employees and routine tasks dominating the time of overqualified support specialists.
User management software offering Auto Provisioning, as well as auditing and reporting of activities within the company network is a highly effective way to resolve these issues.
The software takes on all basic user management tasks, allowing IT personnel to focus on more network critical issues. Linking with systems, such as HR management, also means IT no longer has to manually keep track of personnel as any changes will be updated automatically.
Automatic data logging also means activities in the network can be monitored and a record is kept which can be vital for auditing and compliance.
Catering to shifting demands of the workplace
The landscape of the modern workplace is forever changing. The normal nine-to-five is becoming a thing of the past with more and more employees working outside of traditional ‘office hours’ from a variety of locations.
This is great for business, but often a bit of a nightmare for IT. Firstly, employees who are working remotely or whilst on the commute often need to gain access to the company network outside of regular office hours, times when IT resources may not be available to them to deal with any issues.
This leads to frustration for the end user as, if they have issues logging in (for example, if the employee has forgotten their password) they then cannot access their work.
This can cause real issues in business terms for the company as projects are delayed and money can be lost.
Another issue caused by the shifting landscape of the workplace is that employees are often permitted to use their own devices to access the company network usually via smartphone, tablet or laptop. Once again this can be great for business as the costs of equipment outlay for the company is lowered.
Also, those employees using personal devices will often put in more work hours as they do not switch the device off at the end of office hours. This, however, can cause security issues if an employee leaves the company.
As they keep their device, they can often still access the company network and therefore company data is at risk. The user account should be disabled by IT for this not to occur; however, IT is often not properly informed of an employee’s departure or the task is forgotten about, and the user account remains active.
Identity and access governance software is very effective in resolving both of these issues. A self-service password reset solution can be installed allowing end users to be able to reset their password 24 hours a day, from any location.
Saving IT from floods of password reset calls and allowing employees to work remotely without losing valuable time.
A user management solution offering auto provisioning linked to the company’s HR system can resolve the security issue as user accounts will automatically be disabled when an employee leaves the company.
Robert Doswell is managing director of Tools4ever UK, a global supplier of identity and access management solutions.