classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018

Identity and access governance
October 2014, Access Control & Identity Management

When people think about securing their network, the term identity and access governance (IAG) might not come to mind. Most likely this is because they do not truly know what IAG is or how IAG solutions can be used. They might also believe that IAG is a high-tech, expensive solution that will make them bust their budget and take years to implement. In actuality, there are many different types of solutions that make up IAG. Organisations are able to pick and choose which solutions work best for them, and solve their security issues, as well as many other problems they may be having.

Dean Wiech
Dean Wiech

So what exactly is IAG? Gartner defines IAG as “the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAG addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. Enterprises that develop mature IAG capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives.”

So what does this all mean for an organisation? Identity and access governance solutions can help beef up security efforts in many different areas of the organisation. The following is a list of five ways that companies can use IAG solutions to secure their networks.

Simple single sign-on

One of the easiest ways to pump up the security in any organisation is to use a password solution. A recent survey found that a majority of employees from different backgrounds and various industries have upwards of seven sets of credentials that they need to remember. In addition, these passwords need to be changed every month or so and need to meet certain password requirements, such as having a certain number of characters, use of a symbol, etc. Is it any wonder users write down their credentials? Simply put, the typical individual cannot remember that many advanced sets of usernames and passwords.

One of the easiest solutions to this is a single sign-on (SSO) solution. This allows employees to use a single set of credentials to access all of their connected systems and applications. Almost everyone has heard of SSO, but some organisations are hesitant to implement the solutions or believe they won’t be useful. They feel that giving their employees a single password may increase security issues.

In actuality, having one single set of credentials that a user does not need to write down to remember is a lot easier and safer than not. Doing so means employees are far less likely to write down credentials, and they will likely be thankful in the long run for all the headaches and time you saved them.

Advanced password security

While SSO adds a layer of security, there is an additional step that can be taken to further increase password security. Two-factor authentication can take single sign-on and add an additional layer to it.

What is two-factor authentication?

For organisations that are dealing with highly secure data, instead of requiring end users to enter just a username and password, they are required to log in by presenting a smartcard to a reader and entering a PIN code. Combining a smartcard and a PIN code ensures strong authentication because it is based on something users have (the smartcard) and something they know (the PIN code). This is extremely useful for settings such as hospitals where users need to quickly log in and would benefit from SSO, but still need to ensure that there is a strong security.

Ensuring roles are correct

What about ensuring access rights are correct? Organisations need to make sure that only the appropriate people have access to secure data. This can be a daunting task especially for companies with a larger number of employees. Manually checking each employee’s rights is virtually impossible.

Through the day-to-day activity of employees joining or leaving the organisation, it is easy to lose track of who has access to what. Accounts are provisioned, credentials are shared, employees are given special access for a project but access is never revoked. It is exceedingly easy to lose track of who has access to what systems and applications.

Organisations need to be able to ensure that each employee has the correct access in a quick and convenient way. One way this can be achieved is through role-based access control (RBAC). RBAC is a technique for implementing authorisation management across the organisation and involves assigning privileges on the basis of RBAC roles rather than assigning access privileges to individual users. These roles in turn comprise the department, title, location and cost centre associated with an employee, ensuring that every employee has access to systems and data that are consistent and appropriate for their role in the organisation. So, it can easily be set up so that, as an example, employees with managerial titles will receive certain access rights while assistants receive different access rights.

Revoking access

One of the biggest security issues that organisations face is when an employee quits or is terminated, and they are inadvertently left active on the organisation’s network. More times than not, this task is overlooked since someone has to go into each application and manually disable the user, which can be extremely time consuming.

This is a serious security risk since an ex-employees will still have access to the company’s data and network. There have been many cases where disgruntled employees either reap havoc on their ex-employer’s network or steal important customer data. This issue also commonly takes place when an organisation hires either temporary or seasonal employees. With the constant movement of these types of employees it is easy to lose track of whose accounts are active.

With an IAG solution, a link can be made to synchronise the organisation’s source system user accounts with network-based user accounts. In many cases, HR systems or CRM are often used as a source system. This allows the organisation to synchronise and automate its account management between all of its systems and applications.

So, when an employee leaves the organisation a manager simply has to disable the employee in the source system and they are automatically disabled in all the connected systems and applications. Additionally, if a manager needs to access certain files in a home directory or desires emails to be forwarded, this work can also be easily transferred to the manager.


Meeting audit and compliance rules and regulations can be extremely annoying. These rules are in place for a reason; they ensure that certain information and data is kept secure, including customer and company data. That being said, it is still a huge annoyance to meet many of these very detailed regulations. An easy way to handle this is to do continuous reporting so that when it comes to audit time all the work does not have to be completed at once.

Many IAG solutions allow for automatic reporting to be set up according to your specifications. For example, a manager can easily generate a report on who has access to a certain system or who is making changes in an application. A Web portal can allow a manager to start a workflow process to correct any irregularities that are noted. This also helps when it comes to audit time of the year. Instead of spending days gathering the information for an audit, all of this work is already completed.

These are only some of the ways in which an IAG solution can assist with security in an organisation. IAG as a concept has many different solutions that can be beneficial for ensuring that an organisation’s network is secure and meets all compliance requirements. Of course, it helps with many other areas, such as productivity, compliance, budget, etc., making IAG solutions extremely beneficial for growing organisations.

For more information go to

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Stop hacking of access control ­systems
    March 2019, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
    Think someone hacking your access control system not a big deal? Scott Lindley suggests that you think again.
  • ERS integrates Suprema biometrics
    March 2019, Suprema, Access Control & Identity Management
    ERS Biometrics and Suprema have announced the recent integration of Suprema BioStar 2 into the ERS Biometrics Time and Attendance software module.
  • Secutel partners with Matrix Comsec
    March 2019, Secutel Technologies, News, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management
    Secutel Technologies announced it is the exclusive distributor of Matrix Comsec access control products and IP video management software in South Africa. Established in 1991, around 40% of Matrix’s ...
  • Countering the threats of retail ­terrorist vehicle attacks
    March 2019, This Week's Editor's Pick, Access Control & Identity Management, Security Services & Risk Management, Retail (Industry)
    Bollard systems operate individually or in groups and are aesthetically pleasing and let pedestrians move between them in non-roadway applications.
  • Shopping with your face
    March 2019, ZKTeco, Retail (Industry), Access Control & Identity Management
    Facial recognition is being used in many businesses to verify payments, grant access and improve existing security systems.
  • Cash in with true identity
    March 2019, Suprema, Access Control & Identity Management, Products
    Cash is inherently risky, costly and easily exposed to fraud, thus necessitating the need for stronger security such as opting for the integration of biometrics into cash handling solutions.
  • Hosted access control improves recurring revenue
    March 2019, Elvey Security Technologies , Access Control & Identity Management
    Containing costs and increasing convenience with cloud-based access control system hosting.
  • A logical solution for cyber solutions
    March 2019, Suprema, Cyber Security, Access Control & Identity Management, Products
    BioMini Slim 2 is a thin, FBI PIV and FBI Mobile ID certified FAP20 optical scanner with a large platen for easy capturing of fingerprints.
  • eCLIQ electronic locks
    March 2019, ASSA ABLOY South Africa, Access Control & Identity Management, Products
    An innovative and easy to install access control solution that offers reliable protection and maximum flexibility.
  • Latent fingerprint examination system
    March 2019, IDEMIA , Access Control & Identity Management, Products
    IDEMIA Case AFIS revolutionises latent print examiners comparison speed, accuracy and operational quality excellence.
  • Mobile access and more
    March 2019, Access Control & Identity Management
    HID Global helps create an integrated mobile experience and enhances security at the new Skanska office complex in Warsaw.
  • The future of visitor management
    March 2019, Technews Publishing, Access Control & Identity Management, Integrated Solutions
    A new corporate visitor management solution from Kenai makes a good first impression for visitors, while simultaneously improving building security.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.