Access and Event Management - Essay Example

? Access and Event Management Table of Contents Executive summary ………………………………………………………………………3 Introduction ………………………………………………………………………………3 Business challenges……………………………………………………………………….4 Directory Services…………………………………………………………………………5 Identity Life Cycle Management Services………………………………………………...5 Management services………………………………………………………………………6 Advantages of Access Management……………………………………………………….7 Disadvantages of Access Management…………………………………………………....8 Event Management……………………………………………………………………….. 8 Advantages of Event Management………………………………………………………..11 Disadvantages of Event Management…………………………………………………….12 Information Technology Infrastructure Library (ITIL)…………………………………..12 Advantages of ITIL……………………………………………………………………….13 Disadvantages due to lack of ITIL………………………………………………………...14 Conclusion…………………………………………………………………………………14 References…………………………………………………………………………………16 Access and Event Management Executive summary Organizational information is critical for business competitiveness. This requires a carefully monitored access process. Employees should also be restricted from accessing some information in the organization. This is enabled by installing authorization and authentication processes. Security measures imposed on information systems restrict unauthorized external access. Every access, function, or activity is documented. This information is stored in event logs. These logs are required by the law and also help the organization eliminate certain risks. The documentation provides a framework for easy restoration of systems when they fail. The organization can also use them as evidence against unauthorized access to the systems. ITIL is an automation infrastructure for information exchange and process management. Organizations can share information through this infrastructure. Introduction Access management refers to authorization of humans and privileges to a system within or across enterprise boundaries. Business organizations have information that requires protection against unauthorized access. Organizations set up policies that govern those who access information, and what levels they can access. For example, managers can access salary information about subordinate workers, but cannot access that of the chief executive. Companies and executives can grant access to external users for information about the organization. This access is important for knowledge sharing and managing available resources. Every access to information is documented in event logs. These logs keep records of all activities in the information systems. Failures are also documented and used by the system administrators to restore the system. Event logs are stored in servers, computers, and routers. Access management deals with authorization and authentication procedures set up by an organization. Event management is the way an organization keeps records of events regarding the information system. Automation refers to activities that take place without human intervention. The path taken by events from the source to the destination is called event flow. A file containing a list of events that have occurred is called an event log. These logs are stored in a log server or a computer. ITIL is an IT service management infrastructure. It helps in the automation of business processes. Business challenges Many organizations have shifted to using the internet for their business activities. This creates the challenge of maintaining flexibility and a secure environment. These businesses have to open their networks to customers and partners. The organization has to maintain the security of their assets and organization privacy. Organizations therefore need tools and security policies for efficient management. There is a lack of a centralized method to manage access accounts, which poses a security threat to resources. Organizations have to manage relationships with different employees, customers, and business partners. Employees require quick access to information for maximum productivity. Customers require web access for purchases and security for data and transaction confidentiality. Business partners require access to confidential information between them. The organization is therefore required to maintain an integrated identity and access management approach. This approach should involve both IT systems and web services. Content management through the web requires controlled access to information (Khosrowpour, 2005). Directory Services These services provide a central identity for I&AM solutions. They have a repository that contains information about user profiles, and passwords. The system contains directories, databases, and flat files. LDAP provides a standard for centralized storage and management of identity details. In some organizations, more than one directory is required. The directories can have one entry point. This enables centralized management of the existing directories. Metadirectories have been introduced for this purpose. They provide a view of isolated identity information stored in several locations in the world. The date values in each source are synchronized throughout the organization. They also provide access to both LDAP and non-LDAP directories. The organization can have heterogeneous infrastructures, which can be managed through the LDAP interface as stated by SANS (2005). Identity Life Cycle Management Services This is a process of modifying user attributes, entitlements, and their credentials. This is based on business policies and enterprise populations. These services include: provisioning, an administration process for digital identities. The identities modifications are also propagated to all applications. Delegated administration; some accounts are delegated management functions. This is utilized in partner accounts. Self-service administration; the user administers some of the attributes. Credential and password management; authentication and authorization keys are carefully administered using appropriate technologies and procedures. Provisioning services allow for the centralizing and automating the processes of managing user accounts and entitlement across multiple applications and directories. Provisioning must be in accordance to the operational procedures of an organization. Approval by the management is required for account creation and execution. The main steps involve registration, approval, and termination of accounts. Management services Authentication process is used to verify the identity of person’s or entities. Several techniques control authentication processes depending on resources to be protected. These techniques use integration of both software and hardware. The aim of access control software is keep guard of sensitive information. Software guards are inserted in applications for access decisions as stated by 2AB (2004). The authentication methods include user name and passwords, personal identification numbers, digital certificates, biometrics, smart cards, electronic passports, and hardware tokens. Single Sign On allows authorized users to access multiple resources by authenticating only once. The user has to remember only one password and once authenticated, the system updates the credentials to other resources. After authentication, the system performs authentication. This determines the user permissions to access certain resources and perform certain actions. The resources have security clearance levels to prevent unauthorized access (Kumar, 2011). Auditing is conducted to determine who accessed certain resources and at what time. The system has centralized logs to ensure the integrity of the auditing process. The end user is responsible for ensuring security for information daily according to Harold and Micki (2011). Over the years, many companies have produced several I&AM products. Microsoft has introduced Identity and Access Management Series, IBM with Tivoli, Bull Evidian with Access Master, Computer Associates with eTrust identity and Access Management Suite and many more. These products provide access management, provisioning, and user administration. The procedure of I&AM involves documenting the infrastructure, establishing security processes, determining relationships across the boundaries, and collecting current security policies. Advantages of Access Management I. They are scalable. The software packages can support more users. The organization can increase the number of partners, employees, and customers. More applications can also be added to the existing management package. II. The software packages provide an alternative to embedding the costly access policy. The application software allow for dynamic modification, testing, and deployment of changes without affecting the codes. III. The system simplifies and secures information. It ensures that the right people have access the information according to their access rights. This management is automated and there is no duplication of data. IV. Collaboration between organizations is possible. Identification of a user is propagated to other departments and business partners. The user can then access materials, and appropriate resources in the organization. Group membership is supported by the system. V. Shared management is possible. Identity information is consolidated. This allows different decision makers to access changes in the system through quick interaction. The resource owners are linked with the technology owners. VI. Access operations are transparent. There is a single point of management. The system keeps a system log for easy and transparent security auditing. The management can know who accessed what resources and at what time. VII. Organizations can share data globally. Users can log in through the internet and access data from any part of the world. Remote workers can perform their work after passing through the authentication and authorization process. Disadvantages of Access Management I. It requires new infrastructure for establishment. The I &AM process requires databases, software packages, directories, and network for full functionality. The databases store logs and directories, and the network interconnects work stations and database servers. II. The software packages are quite expensive to buy. The company has to purchase these packages from vendors, and business applications are quite expensive. III. Technical skills are required. Knowledge is necessary for installing the software and configuring the security procedures. IV. Users can be locked out of organization information in case they forget their passwords and usernames. Event Management Events are records stored in specific areas of a computer system. They are triggered by a user or an automatic background process. For example, installing new software generates several events detailing the installation. Web servers keep event logs related to user access. Firewalls and routers log events regarding allowed, denied, and unauthorized access. Files are used to store event logs. They can be transferred to a log server through the network. Filtering mechanisms are employed in event management applications. This identifies and classifies events produced by different sources. Corporations are legally bound to maintain and review log and event data. IT and audit staff have the responsibility of analyzing this data continuously. This analysis is essential in examining system failures and security breach. Events originate from the source up to the management and storage server. This process is called event flow according to IBM (2004). Continuous assessment by system administrators is essential for identifying risks to the system and take action before actual damage occurs. One of the main purposes for event management is legal compliance. The state has set laws such as HIPAA, GLBA, FISMA and PATRIOT Act, which require organizations to assess their internal control regularly. Audit and IT staff have to consider event logs as the primary source of log data. This data provides information and the audit process is in compliance with the law. The organization secures tamper-proof archives of the original event logs. This provides evidence of legal compliance. Organizations also provide physical documentation of the logs to indicate their control over resource access. Event logs leave a trail of activities in the system necessary for auditing as stated by Rinderle-Ma (2010).Some event management systems do not store all data while others allow for deletion of archives. This undermines the legal compliance efforts of an organization. Majority of the corporations rely on information management systems for running their business operations. Event monitoring is one process of ensuring security for information systems. Security breach can destroy information, leak out confidential information, destroy customer relations, and recovery can be expensive and time consuming. Event monitoring is one of the main security methods for information systems. Employee performance metrics measure employee utilization of resources against the rules and regulations. Key cards, PABX, and keyless access systems provide log information for employees. Monitoring access and telephone systems enables corporations to measure staff behaviour within the enterprise premises. Log information passed to log servers can be used to identify unusual activities according to Babbin (2006). These include unauthorized access, and other security breaches in the organization. Event management is used to assess the health of the system. System downtime leads to loss of revenue, customer attrition, and loss of reliability. Event logs can be utilized to identify the possible causes of system failure to speed up the restoration process. Hardware crush generates error events, which are used during the restoration process. These events produce a pattern used by administrators to spot future risks and employ appropriate preventive measures. Event logs also help during forensic investigation of dubious occurrences in the network. They provide evidence of certain events that might have caused damages to the company network. Access to the system is recorded for easy identification over several platforms. Filtering tools are used to separate breach logs from other types of event logs within the system. Event filtering is used during system management by real time tracking and classification of applications events. For example, event filtering can be incorporated in the Email system. This provides control over incoming mail. The emails can be ignored, stored, or forwarded to recipients. GFI Events Manager is a software package used by organizations to manage events within their premises. It provides web and mail security, back up, archives, networking security software, and other IT solutions for SME’s. These solutions are provided either on-premise or in the cloud or integration of both. It helps the IT team keep records of all events that occur in the enterprise. These events are stored in the archives and databases, and they can be easily retrieved. The software package provides security for the organization network and systems from unauthorized access. The organization can conduct business transactions over the web due to web and mail security services. However, event logs contain only sample behaviour and should not be considered complete. Some logs are too large and complex while others are too small and incomplete according to Daniel, Barkaoui, and Dustdar (2012). Advantages of Event Management Critical events are easily and automatically separated with normal traffic Real time and clear event logs help system administrators rectify system failure or security breach. Security practices and other events are documented to prove the regulatory compliance. Event management is automated and transparent. It occurs during the day and at night with minimal human intervention. An event management and log system can be leased from the service provider to the customers. This is cost effective since the organization can utilize the providers’ network infrastructure. Event management systems are scalable. They support several users and they can accommodate new users such as new employees or business partners. Through employee performance metrics, the management can monitor employee activities continuously. The system protects the organization from attacks and system failure. It also provides quick restoration guide through the event logs. Timely forensic investigation is possible. Disadvantages of Event Management Event management requires investment in data collection, analysis, and reporting system infrastructure. Technical workforce is required for designing the system, implementation and maintenance. Special skills are required to set up the system without disrupting the normal working condition of the IT department. Thousands of event logs are generated daily in an organization. Analyzing these events is cumbersome. Event logs are distributed. They are stored in several computers, servers, and other equipment making data analysis time consuming. The event filtering tools provided with the software have limited filtering capacities. Information Technology Infrastructure Library (ITIL) It provides the organization with a comprehensive set of guidelines for supporting service management in the business process. All service processes are linked together with the people, software applications, and process descriptions. It provides knowledge about challenges in IT management faced by organizations. ITIL is a structure through which an organization can learn how other organizations are dealing with certain IT challenges. IT is the key driver of business activities and an organization requires handling any shifts in technology effectively. By managing the IT process effectively, the organization can improve resource utilization, eliminate redundant work, improve deliverables, integrate processes, and increase competitiveness. ITIL provides a description of what must be included in IT Management to provide quality service. Most of these services are customer oriented (Gran, 2005). It is essential for management of processes, functions and roles. The management can know who did what, what time, and the outcome as explained by Farenden (2011). Advantages of ITIL It provides guidelines on how to implement certain IT solutions in an organization. These guidelines are also used during the rectification of certain IT solutions. There is reduction in operation cost. The organization reduces costs due to automation of the management process. For example, Proctor and Gamble have reported an 8% reduction of operation costs. The Service desk function provides customers with an interface for their contact with the organization. The company can reduce support costs. For example Ontario Justice Enterprise reduced support costs by 40%. ITIL reduces the response time for access and event management. Automation of the systems helps the management respond to certain incidents faster. The organization can reduce costs, shorten cycle times, and improve customer satisfaction through automation. An organization can contact other organizations for support during certain incidents such as security breaches. Improved business activities. These services are aligned with the core business activities for customer satisfaction. Problem analysis is faster. Event logs stored by the system are used in problem analysis. The organization can automate intangible resources such as knowledge management and business processes. Organizations increase their first level resolution rates. The infrastructure offers the organization with problem management services. Consistent and accurate use of resources. Disadvantages due to lack of ITIL The organization lacks an infrastructure for information sharing with other organizations. The staff has a hard time dealing with incidents. They require support staff for service desks. The organization incurs more expenses. These workers are also prone to human errors. It takes a lot of time for the system administrators to analyze event logs to determine the cause of certain incidents in the organization. The infrastructure provides documentation for implementing certain IT procedures. This assistance is not enjoyed by organizations without the infrastructure. Organizations take longer to carry out their business processes. Conclusion Information is the operational base of any organization. The management must enforce measures and policies to ensure their information is protected. Access management controls the kinds of people who can access certain information in the organization. The IT department issues employees with usernames, passwords, biometrics, and other authorization measures. Employees have limited or no access to information depending on the level of their authentication. Ordinary employees cannot access information regarding executive managers and directors. However, the chief executive can access all information in the organization. Information is also shared between business partners, and regulated access is required. System administrators can install software which provides a centralized access to the date base. This allows for easy management and tracking of those who access information. Event management involves keeping records about those who accessed information and systems in the organization. Event logs are stored in computers, servers, or routers containing process information. Changes in software or hardware are also documented. New software installations or introduction or removal of hardware is stored in event logs. This enables administrators to track down any problems that might cause a system failure. Unauthorized access is documented and the organization can use the logs as evidence during legal action. The law requires organizations to continuously keep event records about their systems. There are several software packages that can provide this documentation automatically. Details about access to information provide a trail in case it was a security breach or the information was tampered with. ITIL provides an infrastructure of information sharing between organizations. It creates a virtual service desk for customer services. This eliminates the need for support staff. This infrastructure allows for documentation of processes, functions, and roles that take place within the information system of an organization. It also speeds up reaction time when a problem arises. Every organization must put in place an access and event management system to ensure date security. There are several software packages that can be integrated into the IT department for these services. References 2AB. 2004. What is Access Management? Software Guards For Integrating Applications. Available at http://www.2ab.com/pdf/AccessManagement.pdf. [Accessed May 29, 2012]. Babbin, J. 2006. Security log management identifying patterns in the chaos. Rockland: Syngress. Daniel, F., Barkaoui, K., and Dustdar, S. 2012. Business process management workshops: BPM 2011 International Workshops, Clermont-Ferrand, France, August 29, 2011, Revised selected papers. Part I. Berlin: Springer. Farenden, P. 2011. ITIL for dummies. Oxford: Wiley-Blackwell. GFI. 2011. The need for effective event management. GFI White Paper, 1-9. Gran B, and Stationery Office. 2005. Introduction to ITIL. London: TSO. Harold, F.T., and Micki, K. N. 2011. Information Security Management Handbook. Vol 5. Taylor & Francis Group: Boca Raton. IBM. 2004. Event Management and Best Practices. International technical Support organization. Khosrowpour, M. 2005. Encyclopedia of information science and technology. Hershey, PA: Idea Group Reference. Kumar, A. 2011. Oracle Identity and Access Manager 11g for administrators administer Oracle Identity and Access Management : installation, configuration, and day-to-day t asks. Birmingham: Packt Pub. Rinderle-Ma, S. 2010. Business Process Management Workshops BPM 2009 International Workshops, Ulm, Germany, September 7, 2009, Revised Papers. Berlin: Springer. SANS Institute. 2005. Identity and Access Management Solution. InfoSec Reading Room, 1.4, 4 18. Read More