The Black Book of Identity Access Mgmt
    Saturday, Nov 10, 2012

    IAM has got you covered

    A few years ago I traveled to Texas to perform a penetration test on the web site for an oil company. I landed at the Houston (Bush) airport, ventured out under the overhang and got on the rental car bus, got off the bus under another overhang, went out under another overhang and got in the car, drove to a parking garage, took the elevator up to an above-ground tunnel to the building across the street, visited the customer, then did all the same things in reverse.

    Sitting on the plane to go home late that day, something very strange occurred to me: not once during the entire day trip to Houston was I ever directly under the sky. The entire time there, I had something over my head.

    This is how a good IdM system is supposed to work. Cradle to grave, you are always covered. You don’t get in, you don’t get stuff, you don’t get out, without the policies going along. You don’t get into the directory unless the authoritative source (hopefully the HR system) says you belong there. You don’t get group memberships or attribute values, unless your role or job code or hat size (as specified in said directory) are in agreement. You don’t get access to target systems unless those group memberships or attributes or roles say you can.

    If you get access rights out of band, you don’t keep them if the policies don’t back them up. You can’t even request additional access unless you’re authorized. You can’t see possible access rights in the catalog unless you’re entitled to them.
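
The policy chain described above (authoritative source, then directory, then group memberships, then target-system rights), as an added example that is not part of the original post: a reconciliation pass that flags any account, group or right the policies do not back up, plus a catalog view limited to what a user may request. Every id, job code, group and system name is constructed sample data.

```python
# Constructed sample data; every id, job code, group and system is hypothetical.
HR = {"e100": "ENGINEER", "e200": "ACCOUNTANT"}  # authoritative source
ROLE_GROUPS = {  # policy: job code -> groups it earns
    "ENGINEER": {"src-repo", "build-farm"},
    "ACCOUNTANT": {"ledger"},
}
GROUP_RIGHTS = {  # policy: group -> (system, right) pairs it grants
    "src-repo": {("git", "push")},
    "build-farm": {("ci", "run")},
    "ledger": {("erp", "post-journal")},
}
REQUESTABLE = {"ENGINEER": {"prod-deploy"}}  # policy: job code -> requestable groups
DIRECTORY = {  # observed directory state: user -> groups
    "e100": {"src-repo", "build-farm"},
    "e200": {"ledger", "src-repo"},  # extra group not backed by job code
    "e300": {"ledger"},              # no HR record at all
}
TARGETS = {  # observed grants on target systems: user -> rights
    "e100": {("git", "push"), ("ci", "run"), ("erp", "post-journal")},  # out of band
    "e200": {("erp", "post-journal"), ("git", "push")},
    "e300": {("erp", "post-journal")},
}

def entitled(user):
    """Groups and rights that policy allows, derived only from the HR record."""
    groups = ROLE_GROUPS.get(HR.get(user), set())
    rights = set().union(*(GROUP_RIGHTS.get(g, set()) for g in groups))
    return groups, rights

def catalog(user):
    """Access rights the user is allowed to see and request."""
    return sorted(REQUESTABLE.get(HR.get(user), set()))

def reconcile():
    """Return the corrective actions needed to bring observed state back under policy."""
    actions = []
    for user in sorted(set(DIRECTORY) | set(TARGETS)):
        groups, rights = entitled(user)
        if user not in HR:
            actions.append(("remove_account", user, None))
        for g in sorted(DIRECTORY.get(user, set()) - groups):
            actions.append(("remove_group", user, g))
        for r in sorted(TARGETS.get(user, set()) - rights):
            actions.append(("revoke_right", user, r))
    return actions

if __name__ == "__main__":
    for action in reconcile():
        print(action)
```
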

    (Kind of unrelated, but you don’t get to complain about the government unless you VOTE.)

    You don’t get to make requests, perform approvals, perform provisioning tasks, perform other administrative tasks, access a resource, change your password, or do much of anything else, without your actions being captured for later reporting and auditing. Yeah, that’s kinda creepy, but that’s called security and compliance.

    You are always covered. Until you leave.

    No, you don’t get to see the sky. Unless you own the company, and you’re not publicly traded.
