36: What is Identity Data Management?
Takeaway Points:
We need to consider identity and access management from two angles: the data and the runtime behaviours
Identity-related data generally covers profiles, permissions and policies
Profiles would include the schema that makes up an identity and any associated accounts - for example username, email, first name, surname - with B2E attributes like org, title, job code etc - and for B2C, postal address, marketing preferences and so on
Permissions make up access control related data points - which could include roles, attributes, groups, entries in access control lists (read, write) etc
Policies are used to uphold authorization decision making and are typically external to relying systems, centralised and enforced in a distributed fashion
All three have a life cycle, driven by events such as joiner, mover and leaver processes or customer onboarding
Each life cycle needs governance, which defines both why and how changes are accepted and fulfilled
Data should align with both business need and also risk management processes
Create, change and removal steps should be closely aligned to that need and risk, but often are not, resulting in data hygiene concerns
Data hygiene issues could include poor visibility and understanding, ghost accounts, excessive permissions, orphan accounts and so on
Identity Data Management is a more holistic, end-to-end view of managing all of these data components
Identity Governance & Administration and Identity Security Posture Management provide capabilities in this area
Integrating a broader array of data sources - such as configuration management databases, IT service management ticketing systems, application repositories and risk management registers - can provide more context and in turn identify high-risk areas of identity data
The ultimate aim is to support capabilities such as zero standing privileges, just in time access, continuous compliance reporting and remediation
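As an added example (not from the episode), the hygiene checks described in the takeaways run over a constructed join of HR records (profiles), system accounts (permissions) and a role baseline (policy), flagging orphan accounts, ghost accounts and excessive permissions; the record shapes, role names and baseline permissions are assumptions:

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Person:  # profile side: the authoritative HR (joiner/mover/leaver) record
    emp_id: str
    role: str
    status: str  # "active" or "left"

@dataclass(frozen=True)
class Account:  # permissions side: an account in a relying system
    name: str
    owner: Optional[str]  # emp_id the account is attributed to, None if unknown
    enabled: bool
    perms: frozenset

# Policy side: baseline permissions each role is entitled to (assumed, constructed values).
ROLE_BASELINE = {"analyst": frozenset({"read"}), "engineer": frozenset({"read", "write"})}

# Constructed sample data; in practice it would come from the HRIS, IdP and app repositories.
HR = {p.emp_id: p for p in [Person("e1", "analyst", "active"),
                            Person("e2", "engineer", "left"),
                            Person("e3", "engineer", "active")]}
ACCOUNTS = [
    Account("alice", "e1", True, frozenset({"read", "admin"})),  # excessive permissions
    Account("bob", "e2", True, frozenset({"read", "write"})),    # ghost: leaver not fulfilled
    Account("carol", "e3", True, frozenset({"read", "write"})),  # clean
    Account("svc-legacy", None, True, frozenset({"write"})),     # orphan: no owner recorded
    Account("dave", "e9", False, frozenset()),                    # orphan: owner not in HR
]

def hygiene_findings(accounts, hr, baseline):
    """Join accounts to HR and policy data; return {account: [issue, ...]}."""
    findings = {}
    for acct in accounts:
        issues = []
        owner = hr.get(acct.owner) if acct.owner else None
        if owner is None:
            issues.append("orphan: no matching HR record")
        else:
            if owner.status == "left" and acct.enabled:
                issues.append("ghost: owner has left but account is still enabled")
            extra = acct.perms - baseline.get(owner.role, frozenset())
            if extra:
                issues.append(f"excessive: {sorted(extra)} beyond {owner.role} baseline")
        if issues:
            findings[acct.name] = issues
    return findings
if __name__ == "__main__":
    for name, issues in hygiene_findings(ACCOUNTS, HR, ROLE_BASELINE).items():
        print(f"{name}: {'; '.join(issues)}")
```

Each finding maps to a governance action (disable, re-certify, or reconcile ownership), which is the remediation loop the takeaways describe.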