11 Ways To Measure The Effectiveness Of Your Identity & Access Management (IAM) Solution

Identity Access Management (IAM) is a set of business policies, framework and processes which ensures the right person has access to the right asset/resources. Identity Access Management solutions can deliver intangible benefits that are revenue increasing and other tangible benefits that are cost reducing.

Here are 11 Ways To Measure The Effectiveness of your Identity Access Management (IAM) solution:

  • Average number of distinct accounts (credentials) per user:
    Generally an organisation has multiple number of accounts per user. Identity Access Management (IAM) solutions can help organisations to reduce this number close to one using their SSO (Single Sign on) functionality.
  • Number of unused accounts:
    Identity Access Management(IAM) solution can also help in reducing the number of unused/uncorrelated accounts. Uncorrelated accounts are the accounts which don’t have any owners and they come into picture because of promotions, transfers, and termination of workforce. These uncorrelated accounts can create risk for the companies if being hijacked by outsiders.

  • Number of new accounts provisioned:
    Number of new accounts provisioned should be equal to the number of new joinees. If there is a significant difference between these two numbers then it indicates that your IAM solution is not effective to give correct identity data.
  • Number of exceptions per access re-certification cycle:
    Exceptions means when the user is assigned the rights he/she should not be given. High number of exceptions can be because of poor identity data or access process problem (persons requesting re-certification do not have all the information required).
  • Password policy effectiveness:
    To measure the effectiveness of your IAM solution you can check the password reset data for a period say one month. With an effective Identity Access Management (IAM) solution this volume of data should tend to go down. If it does not, then there may be some issues with the password policies and management of your organisation.
  • Average time to provision and de-provision of a user:
    For an effective Identity Access Management (IAM) solution, this metric should come down.Most of the time, if someone is not getting the timely access, then there are backend processes responsible for that. This gives you an indication that you should work on your business processes.
  • Average time to provide an authorization
    For an effective Identity Access Management (IAM) solution, this metric should come down.This metric can provide insight into the efficiency of an organization's approval processes.Knowing the time taken can help to resolve the bottlenecks and help in improving out dated processes.

    ( Read More: Checklist To Assess The Effectiveness Of Your Vulnerability Managem... )


  • Average time to make changes in identity policies:
    For an effective Identity Access Management (IAM) solution, this metric should come down as IAM solutions can aid centralization of policies. So changes are faster compared to traditional ways. Organisation wide changes can be made easily.
  • Violation of separation of duties:
    For an effective Identity Access Management (IAM) solution, this metric should come down.The organization should implement preventive controls to monitor these violations, report them and orchestrate their remediation.
  • Reduced identity management cost
    For an effective Identity Access Management (IAM) solution, this cost of managing the large amount of identity store should come down. An effective IAM solution will provide the capability to expand the organization’s people and IT resources without increasing the IT staff.

More:  Join the community of 3000+ Chief Information Security Officers.  Click here

Views: 3734

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform


Forum

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20, 2020. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2021   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */