This is the first in a two-part series on identity and access management options for small and midsized businesses (SMBs).
The steps for setting up an access management system in an SMB are similar to that of larger enterprises. The difference, as with many IT issues, is that SMBs have more limited resources and smaller budgets. However, the approach is essentially the same.
There are three steps: evaluation, planning, and implementation and provisioning.
Evaluation
Take a close look at what you must secure and who needs access to it. You will need a complete inventory of the systems your users will be accessing, which includes hardware (desktops, workstations and servers) and software (specific applications). You'll also need a list of the individuals inhabiting your network, which includes the number, names and job functions of active users.
Next, you'll need to do good risk analysis. Determine and rank the systems accessed based on the risks of unauthorized access. Which systems contain the most sensitive data? Which contain payroll or, say, confidential engineering or marketing plans, and which contain less sensitive information that's already available to the public? Also con
To continue reading for free, register below or login
To read more you must become a member of SearchCIO-Midmarket.com
sider your e-mail system. This will determine how much effort is required and where you should direct your access management dollars.
Planning
Gather the following information about your user base:
Implementation and provisioning
Pick a system in preparation for the implementation phase. Here are some questions you'll need answered:
Finally, determine who on your team will be responsible for the identity and access management system, and how it will be maintained. Chances are, your network staff may double as both your information security department and your help desk. In these roles, they are probably setting up user access and provisioning user IDs -- skills that are necessary to successfully implement and deploy any identity and access management system.
Read part 2 of this series: Implementing ID and access management.
Joel Dubin, CISSP, is an independent computer security consultant in Chicago. His specialty is Web and application security. He is a Microsoft MVP in security. He is also the author of The Little Black Book of Computer Security, available from Amazon.com, which has tips on setting up an access management system.
