Stopping corporate IT break-ins

Shutting the door to IT systems after staff leave the business and allowing workers to safely log in from home can be a major headache for business.

In an identity management guide published today, the Corporate IT Forum (TiF) recommends using automation to smooth over some of the difficulties in keeping track of who is accessing what.

According to the guide, companies should approach identity management by asking the following questions for each member of staff - "Who are you?", "What is your business here?" and then "What IT elements and data do you need?".

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

That information should be put into a Lightweight Directory Access Protocol, which sets and controls staff access to applications and services, and then governed by a set of variables: have staff got permission to create/modify/delete a data set, for example, and when do those access rights need to be withdrawn?

As well as helping out administrators, the system will allow staff to log in just once to use all the systems they have access to.

However, some business decisions should still be made by management and not the automated system, such as whether to grant access to business critical data to a temporary employee, the guide advises.

The report says this approach will save a business money and time, reduce the risk of human error, ease staff access to company systems and provide a clear audit trail.

Head of research at TiF Ollie Ross said: "Proper identity management and role-based access gives a better handle on who in the business is accessing what, from what and for what purposes - from the desktop through to handhelds."

International information management group Reed Elsevier helped produce the report and is itself wrestling with how to simplify controlling systems access among its 8,000 IT users.

Ruth Harris, head of project management office Europe for Reed Elsevier Technology Services, described the challenges controlling staff access poses for the company.

She said: "We have users all over the world using a number of different applications with different IDs and passwords.

"When those staff leave, you have to go through each application they have access to, both centrally and locally, and then disable that access.

"We are looking into how to make this process simpler by having a system that allows you to only have to tap in once that this person is leaving and it will disable their access to all applications."

To find out more about the TiF guide, visit TiF's website www.tif.co.uk.