Research Project
GROUP 14
ACCESS CONTROL - ISOL 534
David Obasiolu
Gaurav Venkatesh
Anurag Pallala
Suresh Komirishetty
Title
Automating access controls (IAM) will cost less than Manual access controls (IAM) in a fast-growing organisation
Abstract
In today's quick paced I.T environment, there is a dire need in organizations for automation in administering access control effectively. Access control can be automated with the use of digital profiles through Identity and Access Management (IAM). IAM is the lifecycle management of an employee’s digital identity that encompasses the provisioning and de-provisioning of a personnel’s access to resources within an organization. With the use of automation over manual intervention in IAM, organisations will increase productivity, minimize human error and reduce overhead costs while maintaining an efficient and secure environment.
Introduction
Access control is the foundation of information security in an organisation
“80% of security breaches involve privileged access” - Forresters Research’s 2017
Automation of IAM will enable the seamless and efficient management of access controls to ensure segregation of duties and the principle of least privilege.
“66% of organizations still rely on manual methods to manage privileged accounts and access” - Thyotic’s 2016 State of PAM report.
Materials
Various IAM software suites such as [IBM ISIM/ISAM, Sailpoint, Oracle etc.]
Cost of IAM Software:
Average cost of Security professional and salary inflations
Average number of security professionals needed in an automated IAM organisation
Average number of security professionals needed in a manual IAM organisation
Methodology
Cost of an Automated IAM and Manual IAM
Annual cost of automated IAM = cost of IAM Software + annual salary of IAM staff to manage an automated system.
Cost of IAM Software: total employees in an organisation per month * cost of IAM software per individual * 12 months
Annual cost manual IAM = (average % of security professionals required to manually manage the total number of employees in the organization * number of employees in the organization) * average salary of a security professional
Justifications: Annual cost of manual IAM / Annual cost of automated IAM
Results
The calculations and the charts should indicate a strong move towards automation of most IAM with little manual intervention.
It will also indicate the savings as the organization scales. To Prove the results of our Project we submitted quotes to Companies which provide IAM software. Then we will study on companies that use IAM softwares with minimum of 3000 employees and calculate the savings, Return of Investments with calculations provided in Methodology
Thank You!
Any questions?