HR and IT professionals in Singapore must work together to ensure a robust Identity and Access Management (IAM) framework, said Lennie Tan, Asia Pacific & Japan vice president and general manager at One Identity.
IAM is all about ensuring that the right people have the right access to company resources, added Tan.
A recent research commissioned by One Identity found many compelling insights pertaining to the dangers of old-fashioned practices for provisioning and de-provisioning employee accounts, as well as authorisation.
De-provisioning is the process of turning off accounts and revoking access rights when they are no longer needed. Poor de-provisioning, either through outdated and cumbersome manual processes or limited tools, is the primary cause of dormant accounts, explained Tan.
“Stated plainly, the practices and technologies that served HR and IT professionals so well in the past, simply are inadequate in today’s digitally transformed world,” he said.
The research revealed insights into IAM practices and perspectives of organisations in Singapore:
- One in four (22%) expressed that they were “very confident” that user rights and permissions are correct
- Three-quarters of respondents were unsure of the fundamental aspect of access control and authorisation
- 19% of respondents here are “very confident” that users are de-provisioned properly, and only 7% reported that users were de-provisioned immediately upon a change in employment status
- 100% reported that while they have a process for de-provisioning, it requires IT intervention
Tan also shared suggestions on how HR and IT can work together to prevent data breaches.
Firstly, both teams must determine a single source of authorisation. HR must define business roles and let the line-of-business be the decisionmaker to prevent any miscommunication with IT when authorising employees.
Secondly, companies should de-provision accounts immediately and completely as soon as the employee’s status becomes inactive in the HR system.
Lastly, companies can implement identity analytics to proactively evaluate systems and check for user rights.
“Security is a shared responsibility, and solely relying on IT to safeguard your interests is a costly mistake that can be avoided. When it comes to ensuring data security in an organisation, HR has much to contribute.”
Related stories:
Why should companies invest in HR tech?
What emerging technologies will shape tomorrow’s workplaces?