IAM – The Importance of “good” HR

  • posted by Jamie Pryer
  • posted on September 20th 2010

Identity and Access Management (IAM) is inadequate without a good HR backbone. This simple fact is so often overlooked and underrated in many organisations and IAM projects.

Quality HR (people data) is essential for IAM to work properly and yet I’m still shocked and surprised every time I speak to organisations about their HR data and how it’s not seen as a key factor to the success of IAM. In some cases, it has not even been considered!

A proper HR system that is up to date and accurate allows you to correctly identify and link system/application accounts to actual people (aka Identities). With this HR information you can ensure that an employee’s access is only suitable for their current job role, with no excessive authority, and be confident that a suitable authorising manager is approving this access.

For all system/application access you need to know 3 key items of HR data:

  1. Who is the OWNER of the account – Who is the employee that logs into that account?
  2. What is the JOB ROLE of that employee – Do they work in Finance or Audit? This helps us establish if their current access is correct for their role or if maybe they still have old access from previous roles.
  3. Who is the authorising MANAGER of that employee – Who is an appropriate manager who can approve the access that the employee has, as being suitable for that employee’s current job role?

For example: What we are trying to do with IAM is link account “xyz123” on system “Charlie” to the employee “Joe Bloggs” in our HR data. That way, we know our 3 key items of information: WHO “Joe Bloggs” is, WHAT “Joe Bloggs’” job role is and WHO “Joe Bloggs’” correct [Access] authorising manager is. This full picture of an employee will then help us to decide if the access account “xyz123” has is suitable for their job role and, if so, we can then get it signed off and approved by the correct manager.
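The linkage described above, sketched as an added example that is not part of the original post: each account is resolved to its OWNER, JOB ROLE and MANAGER from HR data, then classified for review. The employee IDs, the other HR records, the access names and the role-to-access baseline are constructed assumptions.

```python
# Constructed sample data; none of these records come from the original post.
HR = {
    "E100": {"name": "Joe Bloggs", "job_role": "Finance", "manager": "E200", "active": True},
    "E200": {"name": "Ann Other", "job_role": "Finance Manager", "manager": None, "active": True},
    "E300": {"name": "Sam Leaver", "job_role": "Audit", "manager": "E200", "active": False},
}
# Assumed baseline: the access each job role is allowed to hold.
ROLE_ACCESS = {
    "Finance": {"ledger_read", "ledger_post"},
    "Finance Manager": {"ledger_read", "ledger_post", "ledger_approve"},
    "Audit": {"ledger_read", "audit_log_read"},
}
ACCOUNTS = [
    {"system": "Charlie", "account": "xyz123", "owner": "E100",
     "access": {"ledger_read", "ledger_post", "audit_log_read"}},
    {"system": "Charlie", "account": "abc999", "owner": None, "access": {"ledger_read"}},
    {"system": "Charlie", "account": "sl0007", "owner": "E300", "access": {"audit_log_read"}},
    {"system": "Charlie", "account": "ao0001", "owner": "E200", "access": {"ledger_approve"}},
]


def review_account(acct, hr=HR, role_access=ROLE_ACCESS):
    """Resolve OWNER, JOB ROLE and MANAGER for one account and classify it."""
    result = {"account": acct["account"], "owner": None, "approver": None, "excess": set()}
    person = hr.get(acct["owner"])
    if person is None:                      # no HR record: nobody owns this account
        return {**result, "status": "ORPHAN"}
    result["owner"] = person["name"]
    if not person["active"]:                # owner has left: all access is excess
        return {**result, "status": "LEAVER", "excess": set(acct["access"])}
    # Access beyond the role baseline, e.g. left over from a previous role.
    result["excess"] = acct["access"] - role_access.get(person["job_role"], set())
    manager = hr.get(person["manager"])
    if manager is None or not manager["active"]:
        return {**result, "status": "NO_APPROVER"}
    result["approver"] = manager["name"]
    result["status"] = "EXCESS_ACCESS" if result["excess"] else "READY_FOR_SIGNOFF"
    return result


def review_all(accounts=ACCOUNTS):
    """Review every account and index the findings by account name."""
    return {a["account"]: review_account(a) for a in accounts}


if __name__ == "__main__":
    for name, f in review_all().items():
        print(name, f["status"], f["owner"], f["approver"], sorted(f["excess"]))
```

Every status other than READY_FOR_SIGNOFF marks an account where one of the three HR items is missing or contradicts the access held, so it cannot be approved as it stands.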

Identity and Access Management is essentially controlling what your employees can and cannot do, depending on their job role. However, without accurate HR data, you simply cannot identify if your system/application access is correct, as you have no real idea of who anyone actually is.

