Every organization onboards new people on a regular basis. At some point those people will change roles or leave the organization. Like people, identities, whether used by people or by systems, have a lifecycle that must be managed properly. Access to resources by those identities must also be properly managed, and logged when regulations require it. Maintaining correct administration for every identity saves you from headaches in the future. Without this administration, managing those identities becomes seriously difficult.
In some cases, delegating specific rights according to the principle of least privilege is preferred and is also a best practice. For certain scenarios, this experience is enhanced by delegating those specific rights at the required moment for the required duration. Don’t forget that what is easy for you can be easy for others! Convenience is tempting, but not necessarily always “the correct” solution! The correct balance must exist. Ultimately, the goal is “to enable identities to access the right resources at the right time for the right duration and the right reasons”.
Identities for applications and additional identities for persons must be recertified periodically. This prevents unused identities, possibly with too many rights, from ultimately posing a risk to the entire environment. And to be honest, it also keeps your environment from becoming a huge mess.
These are preferred practices that apply whether you manage your identities locally, in the cloud, or both (hybrid). Identity and Access Management done right is an investment for an agile future! This investment will pay for itself in that: 1) you really know your environment, 2) you need less time and money for future actions, 3) you avoid serious problems.