As the identity and access governance market has matured, the affordability and ease of implementation has become such that it is now within the budget realities of many small and medium sized manufacturers. In fact, with the explosion of cloud applications usage, access governance can actually be a time- and money-saving endeavor.
The days of employees and managers being chained to a desk behind a PC or work station are rapidly disappearing and the workforce is now using multiple devices for accessing cloud and web applications from multiple locations. In manufacturing, tablets are often used in the front office, on the road and from the production floor. Ensuring that each type of employee has the correct access to the systems and information they need, and nothing more, can be a daunting task for the often overworked and understaffed technology department.
So how do recent advancements in access governance aid manufacturers in this regard? The integration of previously disparate components of access governance allows the management of users and their need for access to applications and data from their initial hire date until they leave or retire. Let’s take a more in-depth look at how these modules work together to provide for ease of use form both the employee and IT perspective while providing for the required security.
When an employee is hired, an on-boarding form is typically filled out and forwarded to the HR department for entry into the HR and payroll systems. This same information can be utilized by the IT department to create the network account and required system access. The provisioning components of access governance technology can automate the IT process in its entirety. By using information on the onboarding form, it is possible to determine a person’s role in the plant based on location, department, title and other relevant attributes. This information can be mapped via an access governance matrix to be translated into the appropriate applications and data the individual will require at the onset.
As an employee’s career advances within the firm, chances are their responsibilities will change as well. As the department, title and location are updated in the HR system, this information is utilized to update their system and data access in the network. Inevitably, some changes may be needed on a temporary basis for a special project or to cover for an employee on leave. These can easily be handled by an access governance web form and workflow module. The employee makes the request, has it electronically approved by the responsible party and the IT department reviews and the change is committed to the network.
The final stage is when the employee leaves the company. The HR department team sets a “terminated date” in the employee management system and the access governance solution can detect this and ensure access to all systems is disabled at the appropriate time. Other processes can be put in place to automatically forward emails to the person’s manager, zip their home directory and provide access to a responsible party for review. Another process can detect when the employee’s account has been disabled for a specific time frame and delete their account entirely.
Now the access to applications and data are under control, the next step is to make sure that employees have a pleasant user experience during their tenure. Access governance technology has made great progress in this regard as well. The first item these systems can tackle is self-service password reset. Much like a banking website, users enroll via a selection of challenge questions. Should they forget their network password, they can simply click a link, provide their personal answers and reset the password without needing to contact the helpdesk. This is especially useful for second and third shift employees who may need their password reset outside the normal hours of the helpdesk.
Another area where access governance provides ease-of-use functionality is via single sign-on. These solutions allow users to log into a portal where all of their authorized applications are available. The IT staff can pre-load the credentials required for all applications and end users simply click on the icons and gain access to the systems as needed from their PC, tablet or smartphone. To enhance security, the IT department staff can control the access to the portal or specific applications via multi-factor authentication, time of day, IP range and many other factors. This makes life significantly easier for employees as instead of remembering a dozen sets of credentials, they now only need to remember their network user name and passwords.
As the access governance market continues to mature, the costs of these applications along with the time and effort to implement continues to decrease. Better, faster and less expensive — all while the security for IT and ease of use for employees increases.
Dean Wiech is managing director of Tools4ever.