
Bulletproof access provisioning is essential to identity security

by Deepak Taneja | Oct 31, 2023

The daily news about data breaches always details what data was stolen by hackers or rogue insiders but never mentions the broken access provisioning processes that are often at fault. Establishing the right joiner-mover-leaver and access request processes is critical to a strong security posture. The challenge with these processes is partly that organizations need several business outcomes that are hard to achieve, but also that they neglect to make their processes measurable enough to see if expected outcomes are realized.

Provisioning business outcomes

Let’s consider what organizations want from their access provisioning processes.

  1. Security: Offboarding users promptly so that no orphan accounts become takeover targets is a key security concern. And assigning permissions accurately with respect to user job responsibilities is of paramount importance from a least privilege perspective. For some critical systems, just-in-time access or a “no-standing-privileges” approach is needed. In addition, there’s a change-audit requirement to support security, compliance, and forensics, namely, the challenge of auditing how someone got a certain permission, who approved it, and whether a permission was granted without approval.
  2. Speed: Timely access grants are crucial to avoid any impact on workforce productivity. No one wants employees waiting a week to get an account they desperately need! In fact, DevOps staff often demand immediate access and find a way to get it!
  3. Cost reduction: The costs associated with provisioning are an important issue. Manual approvals and manually serviced tickets are expensive when you count the man-hours involved across hundreds of weekly permission assignments and removals. The infrastructure that manages requests, approvals, onboarding, and offboarding can also be expensive to deploy and maintain. Existing investments in identity and ITSM need to be leveraged to keep costs down.
  4. User experience: The entire workforce interacts with provisioning processes, and for all these stakeholders, ease of use drives customer satisfaction. Any self-service request interface needs to provide a simple user experience that’s consistent with how employees ask for IT help in general. It should also be easy for administrators and application owners to configure provisioning and deprovisioning.

Provisioning process metrics

Working out processes to address these requirements isn’t enough; process KPIs that serve as evidence of results or pointers to problems are a must. And there’s the rub! Organizations cobble together solutions using off-the-shelf or homegrown software but ignore the issue of process metrics that help keep their processes on track. IT leaders often confess that the solutions they’ve deployed are “ok” or “not great”, but that’s as far as they can go.

Zilla’s solution

At Zilla, we believe that measurable and effective access provisioning processes are key to a strong security and compliance posture, as well as to workforce productivity and operational efficiency. Zilla™ Provision, the newest module in our platform, was conceived to guarantee job-appropriate access, and to both remove existing permissions and assign new ones quickly through zero-touch automation. It was also designed to keep costs down by reducing service tickets, to leverage existing IT investments, and to provide a simple user experience for all process stakeholders.

Zilla™ Provision’s integration with ITSM systems like Jira Service Management and ServiceNow eliminates the need to present users with yet another IT request experience, or to deploy yet another workflow engine, yet another ticketing system, or yet another change audit repository. Together with Zilla’s library of 500+ integrations and close integration with identity providers like Okta and Azure AD, Zilla™ Provision delivers a bulletproof solution for system-verified access provisioning across cloud and on-prem infrastructure and applications.

Finally, Zilla™ Provision is focused on making access provisioning measurable. Metrics like “Mean Time To Provision a User”, “Mean Time To Grant a Permission” and “Percent Grants Automated” help IT staff understand how their processes are performing, where the bottlenecks are, and what needs improvement.

In summary, effective access provisioning isn’t just a ‘nice-to-have’; it’s a necessity in today’s digital landscape. Building these processes demands a focus on not just the business outcomes expected from them, but also the means to measure process flow, impact and acceptance.

To learn more, visit: self-service access request.

Author

  • Deepak Taneja

    Zilla Security Co-Founder, CEO & President Deepak Taneja is an entrepreneur and security expert with extensive experience founding and leading enterprise software companies. Deepak has been at the forefront of innovation in identity management for over 25 years.

    His vision for Zilla is to secure the enterprise by automating the management of permissions to all applications and data. Prior to Zilla Security, he founded and led Aveksa, a pioneer in identity governance, and was CTO at RSA Security after Aveksa was acquired by RSA.

    Previously, as CTO for Netegrity, he led the evolution of SiteMinder into an industry-leading web access management platform. An avid supporter of technology entrepreneurship, Deepak has served as a board member and advisor to several successful startups. Deepak holds a B. Tech in Electrical Engineering from the Indian Institute of Technology, Kanpur, and an M.S. in Electrical Engineering from the University of Florida.
