Self service identity and access management is increasingly embraced by users and companies, and it is a matter of time before it’s widely adopted due to the many benefits it offers. Of all the expectations placed on the typical IT department, managing identity and access is perhaps the most challenging, for a variety of reasons.
People are often the root cause of identity and access management challenges, though not necessarily because they are malicious. They change roles, leave their companies, fall victim to phishing scams that lead to the theft of their access credentials, share passwords, use the same passwords for multiple accounts, and most of all forget their passwords.
As users experience problems accessing their systems for the reasons listed above, they contact the helpdesk expecting a speedy solution. Gartner estimates that each call to the helpdesk to reset a forgotten or expired password costs the company $50. In an organization with thousands (or hundreds of thousands) of employees, those costs add up quickly.
The Self Service Solution
Many systems offer self service features to employees and customers to reduce the burden on the IT helpdesk and improve productivity, as users can quickly reset passwords online without involving IT support. Although the self service identity and access management concept is not new, many systems still lack self service IAM features.
Around the Y2K crisis, it became apparent that the old helpdesk model was not scaling well, especially with regard to password resets. Thus, self service identity management, which allows users to reset passwords and change basic account info, started to attract attention.
Back in those days, self service user identity management was sometimes web-based, but more frequently used automated call attendants because system users were familiar with the process of calling the helpdesk.
Since the Y2K crisis, when users and companies panicked and prepared for the worst, self-service IAM has become commonplace and is now often accessed via both voice- and web-based systems. Many years of experience and millions of transactions have provided some perspective on do’s and don’ts for implementing self service identity management.
The success of self service IAM for password resets has encouraged the delivery of automated services beyond password management. This has sometimes resulted in system security weaknesses and other issues.
Here are some pitfalls to avoid when implementing self service user identity management:
- Validating the identity of the user is absolutely critical. In the days of password reset by human helpdesk, the technicians often acted on “hunches” that they weren’t talking to the true account owner. Machines still don’t recognize hunches. Perhaps the self service IAM request is from the real user; or maybe it’s from a vindictive ex-husband. Social Security numbers and validation questions aren’t enough any longer. Instead, consider a two-factor authentication method to confirm an identity.
- Contact information like cell phone numbers and physical addresses must be validated. Employees might neglect to update their personal contact records; thanks to direct deposit and email, people tend to be lazy or forgetful about updating their home addresses. To ensure data integrity, personal data must be validated upon updates and changes.
- Keep expectations in check. Some self-service identity management solutions may offer short-term savings, but chances are that any self-service IAM deployment won’t bring immediate cost savings. The mid- and long-term prospects for cost savings on self-service IAM, however, are excellent.
Choose Your Battles
When implementing a self service identity and access management tool, only parts of the self-service solution may be needed by, and benefit, your organization. A requirements analysis must therefore be made to better understand the organization’s needs and reduce the risks to the company without creating any unnecessary audit and compliance issues.
Perhaps the most important part of deploying a self service identity and access management solution is remembering that one size does not fit all.