I am in the process of successfully finalising a case study with a major HP customer, in the government area, in collaboration with Vistorm (an HP company).
The customer was interested in better understanding their current risk exposure due to their access management processes and the impact of adopting IAM automation.
An IAM case study has been jointly run to:
1. Identify suitable metrics to convey their risk exposure (e.g. in terms of verall time to provision/deprovision user accounts, impact of hanging accounts, shared accounts, super user accounts, etc.)
2. Model their current access management processes (specifically their provisioning and deprovisioning processes) and run simulations
3. Convey to the customer an estimate of their current risk exposure, based on shared assumptions
4. Model and simulate the impact on the risk exposure in case IAM automation were adopted
In this case study I used our HPL Security and Identity Analytics methodology, jointly with our modelling and simulation tools.
It really helped us to refine our approach, get a template of IAM provisioning/deprovisioning processes and the customer to have a better understanding of their risk exposure and impact of various investment options.
I am now looking for another “customer” (medium-large organisation, possibly), interested in running a similar case study, to have a second validation point and get further input, possibly in a different business context. As counterpart, you will an assessment of your IAM processes and a “what-if” analysis.
Please do not hesitate to contact me for any question and/or to get more details about engaging in a Security Analytics case study with HP Labs.
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: use this mirror blog if you prefer posting on an external blog site ---
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment