Products and Solutions

SecurID Governance and Lifecycle: Joiner, Mover, Leaver Basics

Mar 15, 2021 | by Jerry Aubel |
Visualization of IGA process

Imagine this – You’re attending the cybersecurity equivalent of the Oscars. Anticipation is palpable as the host begins to announce the winner of the coveted “Identity Process of the Year” award…and the winner is: Joiner-Mover-Leaver!

Perhaps that’s a geek pipedream. But even if joiner-mover-leaver (JML) policies aren’t hobnobbing on the red carpet, they can still be a major asset in helping organizations improve operations and enhance security.

In my last blog, I discussed password management and self-service password reset functionality in SecurID Governance and Lifecycle. Today, I’ll look at how sound and automated JML policies and processes can deliver a great business user experience, reduce identity risk, maintain compliance, and reduce IT cost.

The JML process, just like other identity and access management processes, starts with data, usually from an HR system or Active Directory. When a new employee joins an organization, the SecurID Governance and Lifecycle solution can set up and grant a user the correct bundle of access and entitlements for their role (‘birthright access’) based on HR data, so they can be productive starting on day one.

What happens when an employee moves within an organization? For instance, if Bob moves from the Acme Marketing department over to Finance, then the solution can grant Bob access to applications based on his new role (like to invoicing or accounts payable resources), while also revoking his access to previous tools automatically to help avoid overprovisioning. The solution delivers application-specific access policy management with fine-grained controls.

Imagine all this happening without human intervention: the solution just takes a trigger from HR and does the rest. We’ve heard of customer cases recently in which an enterprise had to move nearly its entire staff to remote workers overnight. This task could have strained provisioning processes and access controls, but with SecurID Governance and Lifecycle, the access changes literally took only minutes.

The solution provides visibility and dashboards to let admins and executives gain insight from user actions, such as the number of JML transactions, breakdowns of cost savings through automation, and the ROI of the solution. SecurID Governance and Lifecycle is flexible, simple to deploy, and provides for the creation of JML rules through a straightforward and configuration-based approach. Users can create time-bound rules to revoke or disable access for temporary leavers, for intermittent contractors exiting and rejoining an enterprise, and even for machine or non-human accounts.

SecurID Governance and Lifecycle delivers confidence to the organization. Confidence in automating processes, ensuring that only the right users have access to the right entitlements based on their roles, and confidence in minimizing risk from orphaned or overprovisioned accounts. Additionally, the solution can save software licensing costs by automating the deletion of leaver accounts.

By automating your JML processes, you can help your organization maintain a strong security posture, reduce costs and reduce identity risk to your business. Click here to learn more about SecurID Governance and Lifecycle. To help understand how well you are managing your identity risk, try our IAM Risk Intelligence calculator.