Home > Blog > January 2014 > Three Must-Have IAM Upgrades

Three Must-Have IAM Upgrades


To many, managing proper user access is a zero-sum game. Either an individual, be it an employee, contractor, or outside user, has the appropriate access necessary to their job function, or they don’t. And from the customer perspective, if that in-place IAM processes appears to be working, why change it?  If ain’t broke, don’t fix it, as the old saying goes.


But because of this belief, many current users and potential buyers are unaware of the various updates in the Identity and Access Management (IAM) market that can drastically improve the IAM experience. These additions can automate certain processes, leverage in-place technologies, and further solidify user confidence in Identity and Access Management. 

As we at RSA Aveksa continue to survey the IAM landscape, we’ve noticed three new features of updated IAM products designed to make life just a little bit easier.

Now with Recommendations:

  1. Like Netflix offering recommendations based upon previous viewing habits, newer IAM updates now suggest entitlements based upon similar attributes across the enterprise. Let’s say you’re hiring a new employee in the accounting department. The update would suggest accounts payable entitlements, for example, for the new employee, cutting down on the time necessary to assign proper entitlements. Additionally, the new feature also applies to function changes.

Hiding Entitlements:

  1. At some point, users may need access to a certain application but not all the entitlements within.   Application owners concerned about inappropriate access to sensitive information or risky capabilities can now hide certain entitlements through a process known as “entitlement ring fencing.”  It’s a great new feature that allows application owners more control, which will inevitability reduce risk.

Provisioning in the Cloud

  1. New IAM solutions have brought provisioning to the cloud.  Now, users can request and provision access to applications from the cloud, regardless of whether they are SaaS or on-premise.  This can provide the same rapid time-to-value capabilities as on-premise solutions without the capital expenditures. 
  • jitendra wadhwani

    1. Suggestion : Should we also have a feature of “Self-Certification” where users are provided their own set of entitlements and can voluntarily “suggest” which entitlements are to be off-boarded / unwanted. They should not be allowed to request for new entitlements though -> this feature should be seen as clean-up and awareness activity. This will bring more awareness to the users in firm as to let them know what exactly they have and what does it mean, at the same time with their pro-activeness can help on clean-up effort as well.
    2. “Entitlement Ring Fencing” -> this reminds me of Priviliged Entitlements (can be highlighted with help of legend/icon as well)
    Jitendra Wadhwani
    Pune, India