Management of digital identities has become increasingly crucial in recent years in the management of security aspects of IT organizations.
Segregation of duties (Sod), Sarbanes-Oxley Act (SOX), Leg. Dec 30/06/2003 no. 196, Code of Digital Administration, art. 4 of the Directive 8/09 by the Ministry of Public Administration and Innovation, Leg. Dec 231/01: these are only some of the laws that make the need to adopt solutions that can ensure regulation and control of users' credentials and control on access unavoidable, identifying and managing what is defined as “Digital Identity”, tracing and storing all the events connected with the life cycle of a digital identity (activation, authorization, profile changes, suspensions, revocations, reactivation...).
In order to implement an IAG solution, Engineering uses an approach that foresees an assessment in order to understand the client's business context and to examine the pre-existing organizational infrastructure. The analysis method used is based on the high level of experience acquired in consultancy services for international standards, such as BS7799 and ITIL.
Studying the current situation aims at arriving at a description of the TO-BE model to be implemented, integrated and optimizing the solutions already in use.
Over time, Engineering has established a design approach formalised in a reference framework known as "Engineering's IAG methodology", made up of best practices, checklists and tools, with the aim of speeding up all phases of an IAG project.
The scope of all the planned phases of the methodology is to define a set of actions for acquiring the data necessary for knowing and understanding the client’s scenario; activities that comprise analysis and detection to be carried out through interviews that are differentiated according to the business role covered, and through the compilation of predefined questionnaires or checklists.
The final goal of all this activity is:
Engineering's approach to an Identity and Access Governance solution therefore addresses the entire process underpinning management of information about user identity and control of access to company resources, trying to pursue the following objectives:
During the assessment phase, and thanks to its IAG competence center, Engineering can also assess the most suitable technological solutions for the client's organizational and technological context.
Engineering is a certified partner of leading products such as Crossideas, IBM, Oracle, Microsoft.
ENEL, Alitalia, Piaggio, the Italian Ministry of Health, Banca Marche, Banca Popolare di Milano, Piaggio, the Italian Ministry of Home Affairs, and UNIRE are some of the main clients who have implemented their own IAG system thanks to support from Engineering specialists.