Every organization has to provision users, whether they recognize it or not. When new employees are hired, they need access to email accounts, instant messaging accounts, applications, and other things they need to do their job.
This can be done in an ad hoc way or a coordinated way, but it will get done, one way or another. And how it is done has profound implications for a company's security, productivity, and budget. User provisioning is the process of allocating privileges and permissions to users so they can do their jobs while protecting enterprise security. It involves creating user accounts, giving permissions, changing accounts or privileges, and disabling and deleting accounts.
Appropriate user provisioning is essential for work efficiency and organization productivity, security, and compliance and auditing. As organizations expand, proper user account provisioning becomes even more crucial. Now, let's look at some mistakes organizations make in provisioning users. We'll call these the bad and the ugly ways to provision users.
The Bad and the Ugly
Ad Hoc Provisioning
There is a lack of communication between HR and IT about new employees. IT may get an email or a ticket to provision a user without any prior notice.
The IT team might even get a "fly-by" request wherein the manager says the new employee doesn't have the access they need to do their job and they need it now. The immediate problem gets taken care of, but there is no coordinated process for tracking the user's access. If the employee changes roles within the company or leaves the company altogether, there is no follow-up to alter access or deprovision it all together.
Worse still, the manager and employee might ignore IT and use unsecured cloud-based IT and apps from third parties. It seems easier to put third-party services on the company card than to go through IT.
This is called shadow IT, and it's not confined to provisioning users. The business unit feels like it can't get what it needs from IT, so it buys its own tech. Shadow IT opens the organization up to security risks because the in-house IT team is often not aware of this technology. It also increases costs by duplicating technology that is already available to employees through enterprise licenses.
Shadow IT is a big problem for many organizations. Gartner estimates that 30-40 percent of IT spending in large organizations goes to shadow IT, and the Everest Group puts that figure at half of all IT spending.
With automated user provisioning, HR manages inputting the new employee information into the system. Once HR marks the employee record as active, IT automatically picks up the change and the user's accounts, permissions, and access are created without any handoff or intervention.
The system knows what department the new employee is working in, their job title, and whom their manager is. It can report on the user provisioning status, predict what will happen, and perform trend analysis.
The "good" approach to user provisioning saves time and money and is more secure. Automated user provisioning provides many benefits to an organization:
- Simplified onboarding and offboarding of employees: You can create and maintain user attributes—such as names, roles, and profiles—and automatically assign access permissions and user accounts based on predefined roles and flexible entitlement rules. This improves productivity and employee satisfaction. Account creation is one of the first experiences a new employee has at the company.
- Streamlined user management across applications: You can automatically import users from Active Directory, Lightweight Directory Access Protocol, and other apps. You can continuously propagate user profiles to ensure that systems have the latest updates.
- Increased security: You can increase security by eliminating shadow IT and ensuring that employees only have access to accounts they need to do their jobs. Also, you can quickly deprovision access when an employee leaves and uncover unused (orphaned) accounts sitting idle and vulnerable to compromise.
- Reduced costs: You can reduce the costs associated with manual user provisioning. This helps reduce the number of tickets that IT team members have to deal with, freeing them up to focus on improving IT performance. At one customer, tickets dropped by 40 percent in three months after automated user provisioning was implemented.
- Better visibility into users and access: With greater visibility, you can uncover overprivileged users and right-size their access. You can also gain insight into security risks and threats.
- Better operational efficiency: By automating user provisioning, you put users in the best position to succeed because they always have the access they need to do their job. From an IT perspective, automated provisioning eliminates points of failure such as human error or poor process handoffs.
- Standardized technology platforms, processes, and policies: You can simplify the systems' operations by having standard integration patterns and policies. The more complex your IT organization is, the more standardization can benefit you.
How Identity Solutions Can Help
At Identity Solutions, we have a three-step process to help you implement automated user provisioning:
1. Discover and Design
We listen to your concerns, we ask questions to find the root of your problem, and then we customize a solution that meets your scope, timeline, and budget. As part of the discovery process, we assess what systems and processes are in the project's scope.
We integrate your existing business systems with cutting-edge automated user provisioning and identity management tools to create a solution that is secure and exceeds compliance requirements. We make sure all of the employees and non-employees (contractors, vendors, students, or consultants) are provisioned appropriately.
When we deploy the system, we ensure that your business process, security strategy, and identity management system are aligned. We automate user accounts' creation, the movement of users within the organization, and the deprovisioning of users who leave the company.
As your business changes, we'll be there to scale and customize your solution to fit your new needs now and in the future. Subscribe to our blog for additional information on how to secure your business needs.