The life cycle of digital identity: tougher IT security

In recent years, the management of digital identities has become increasingly crucial to managing the security of IT organizations.

Segregation of duties (SoD), the Sarbanes-Oxley Act (SOX), Leg. Dec 30/06/2003 no. 196, the Code of Digital Administration, art. 4 of Directive 8/09 by the Ministry of Public Administration and Innovation, Leg. Dec 231/01: these are only some of the laws that make it unavoidable to adopt solutions that can ensure regulation and control of users' credentials and of access. Such solutions identify and manage what is defined as “Digital Identity”, tracing and storing all the events connected with the life cycle of a digital identity (activation, authorization, profile changes, suspensions, revocations, reactivation...).

To implement an Identity and Access Governance (IAG) solution, Engineering starts with an assessment to understand the client's business context and examine the pre-existing organizational infrastructure. The analysis method draws on the high level of experience acquired in consultancy services for international standards, such as BS7799 and ITIL.

The study of the current situation aims to arrive at a description of the TO-BE model to be implemented, integrating and optimizing the solutions already in use.

Over time, Engineering has established a design approach formalised in a reference framework known as "Engineering's IAG methodology", made up of best practices, checklists and tools, with the aim of speeding up all phases of an IAG project.

The scope of all the planned phases of the methodology is to define a set of actions for acquiring the data needed to know and understand the client’s scenario. These are analysis and detection activities, carried out through interviews differentiated according to the business role covered and through the compilation of predefined questionnaires or checklists.

The final goals of all this activity are:

  • identifying the final structure of the data that will be handled by the IAG system in order to obtain the operating results foreseen by the model
  • accurately identifying, for each of the resources to be integrated, the characteristics of the current Identity Management (User Management and Directory Services) and Access Management (Authentication and Authorization) processes, and establishing the gap compared to the corresponding implementations in the context of the IAG system
  • accurately identifying, for each of the resources to be integrated, the technical requirements for actual integration.

Engineering's approach to an Identity and Access Governance solution therefore addresses the entire process underpinning the management of information about user identity and the control of access to company resources, pursuing the following objectives:

  • increasing productivity and ease of use of the IT system for final users (fewer credentials and passwords, easier recovery of forgotten and/or expired credentials...), reducing the cost of the Help Desk staff dedicated to this type of service
  • increasing the general level of security while reducing the costs of managing users and their identities, attributes and credentials, of managing authorization profiles, and of managing the different events that may change a profile, which is affected by the role filled by the user, and consequently require this information to be realigned on all the information systems integrated into the IAG system.

During the assessment phase, and thanks to its IAG competence center, Engineering can also assess the most suitable technological solutions for the client's organizational and technological context.

Engineering is a certified partner of leading products such as Crossideas, IBM, Oracle, Microsoft.

ENEL, Alitalia, Piaggio, the Italian Ministry of Health, Banca Marche, Banca Popolare di Milano, the Italian Ministry of Home Affairs, and UNIRE are some of the main clients who have implemented their own IAG system thanks to support from Engineering specialists.