Access Control
The right solution to access control is the key to safe solutions of information systems, both for small and large corporations. The solution must fulfil the following conditions:
- user must get access to information that he needs or has the right to see,
- user must not have access to other, even vicarious, information,
- access administration must be quick and effective,
- user must not be inconvenienced more than necessary.
The administration of access rights, particularly with regards to an organization with numerous information systems, is not an easy task. Should the person responsible for the administration of access rights not have the relevant resources, there is a great risk of faults and omitting, which can sooner or later cause various security incidents. (Sensitive information leakage, presence of damaging codes, access to systems by unauthorised individuals)
The optimal solution is the use of Identity Management systems, guaranteeing technological interconnection of a directory services, network security and authentication, user procurement and control as well as control of user’s access rights and single system sign-on.
The difference between access control without relevant tools and with the IDM solution can be viewed below:
| Situation | Solution without IDM | IDM Solution |
| Request for access | Regular requests directed at various departments | One request only, access based on position |
| Access rights granted | For each system separately | Access granted based on position |
| Access alteration due to position change | Necessary changes in all IS systems | Only position change |
| Employee’s retirement | Essential to cancel access to all IS systems | Only position withdrawal |
When the relevant tools for access control are not in place, the threat of issues and inadvertencies is present. In such cases the following is generally true:
Administrator
- is overloaded with routine work,
- has to carry out a lengthy check all accesses,
- this can subsequently lead to many issues (“zombie” access, higher than necessary access rights, etc.).
Employee
- undergoes alteration approvals on various organizational levels,
- needs to contact Help desk when password is forgotten,
- has to remember access details to different systems, which can lead to the use of inappropriate help, which can subsequently endanger the organization.
Company Management
- no single strategy within the organization,
- financial losses caused by standing time,
- risk of information misuse with considerable financial loss.
On the other hand, when using the business solutions for access control, the following is true:
New Employee
- data are set in a different system,
- access is created automatically based on the position within the company,
- account is activated immediately.
Employee
- access alterations handover automated,
- himself can reset the passwords,
- single Sign-on possibility.
Administrator
- standardised access control through web divide,
- complexity of solution,
- competences can be delegated (eg. to HR),
- exact overview of access rights,
- immediate blocking of access possible,
- guarantee of access cancellation to all past employees,
- audit and reporting of changes.
Company management
- productivity increase,
- service level increase,
- security improvement,
- demonstrable return of investment.
Description of solution – see Identity control
