Strengths: Focused functionality, easy to deploy
Weaknesses: Very large organisations may question the per-user cost
Verdict: An extremely useful tool to ensure that your access rules are being maintained across the enterprise
We now find ourselves in a world of regulatory compliance. It didn't use to be that way, but it is a fact of life we cannot ignore. In a sense, it is good for us who administer and manage IT systems as it forces us to adopt responsible practices, especially around access control.
The snag is that some of our networks and applications have complex and dissimilar rules around the control of access, which makes common approaches to the situation quite difficult, including audits.
This is where ID-Certify comes in. It works by prompting and enforcing regular reviews of access via an automated, easy-to-use, web-based workflow. It works on the premise that individual stakeholders, such as managers, have a good understanding of their immediate area and are therefore able to review and sign off user entitlements for their subordinates.
If we consider the entire hierarchy of an organisation, we can appreciate that this is scalable from the lowest levels right up to the top. We can, however, subdivide stakeholders into managers, who look after people, application owners, who look after access to individual applications, and group owners, who understand group membership and can manage it accordingly.
Much of this information will already exist, of course, via corporate directories, application logs and other repositories, but without a means of drawing together the overall management into a single coherent entity. ID-Certify provides that entity.
It effectively manages access review for all stakeholders via an intuitive workflow, escalating the situation should reviews not be completed on time. If reviews identify that access rights are no longer needed, then ID-Certify can automatically deactivate those accounts.
Furthermore, it provides a comprehensive audit trail of all such reviews and events, ensuring that your organisation can demonstrate compliance where required. For some companies, this could be a godsend in terms of saved time alone. However, as previously indicated, it also serves to instil good and sustainable access control practice in general.
Deployment of the product will be straightforward in most cases, and the interfaces are slick and attractive. Its own authentication rules are flexible and it can help in setting password complexity and other functions as appropriate across the estate.