Compliance. It’s THE driver for many organizations when considering identity management software and the reports this software is required to generate. Without accurate reporting and software that can be managed efficiently, IT professionals may find themselves under scrutiny from the agencies requesting compliance information and reports.
We spoke with Ben Goodman of Novell about his top expectations for identity management software. What it should do, how it should perform and the ways it should make an IT department’s (and an entire enterprise’s) job easier.
- Software should have the capability of state-based reporting so that you can look at a specific point in time and determine who had access to data and who authorized that access.
- Robust report scheduling capability. So reports are automatically delivered to stakeholders as needed. And so that relevant reports are generated and shared as needed at predetermined times and intervals.
- Software that creates relevant reports, customizable reports, is far more important to any enterprise than a product that just delivers a large number of reports. There’s much more value in being able to create reports that are specific to your operation. To that end, software that offers the ability to modify reports is even more valuable than cookie-cutter formats and reports.
- “¢ In terms of compliance reporting, what’s most important is having a reporting system that’s expandable and upgradable so that it can be used to manage all the sorts of reports you need. Internally and externally. Compliance reports are just content. Having the framework to manage that content is the real key. Especially when new regulations come out.
- While custom functions are desirable, any enterprise needs to have a good amount of out-of-the-box functionality. The proper product would – in an ideal situation – just need configuration, not programming to make it really usable. Essentially, any enterprise would like to get value from the product right away. But also leverage a software solution that has customizable features and options so you can get the full value from it down the line.
- A product that maintains the safety of data. For instance, the right software should be calling data from a reporting framework, not from the original IDM data. To protect data, a good software solution would need a middle framework to draw that information from to keep all data safe.
- Reporting levels shouldn’t be an afterthought when it comes to compliance reporting software. The org structure of a company will define who owns the risk of noncompliance. Take individual controls within the regulation and delegate ownership. The right software would ideally be able to create reports that provide a clear picture of the enterprise, who has responsibility for certain areas and provide a complete picture of the ownership structure within the organization.
- You don’t have a choice whether or not to be compliant. Since costs are an issue, organizations want an infrastructure tool that allows us to be cost-effective in its reporting process. They want to put in place an infrastructure that is supportive of compliance and also has the ability to sustain this compliance and control costs. Essentially, the right software will be adept at reducing the cost of compliance while maintaining usability.
- Software that can be tailored to meet specific regulatory needs. A lot of regulation leaves room for interpretation. It’s often vague or not industry-specific enough. A company often needs to tailor reports for whomever is receiving them. Depends on auditor, the vertical, their interpretation.
- Software that is easy to use and allows IT professionals to recognize that security doesn’t equal compliance. Internal security policy might affect how the product is implemented and the reports that are run. But, ultimately, the organization has to deliver the right reports to the right reporting agency to maintain compliance. The right product makes this possible.
There is an increasing focus on compliance these days. And because many of the people responsible for compliance within organizations are business, not tech people. IDM and security tools are huge supporting tools. Enforcing policies is the bailiwick of IT and those are the people who are tasked with locking down access and monitoring segregation of duty violations.
Further, there is tremendous risk emerging now around things like data breaches and loss of private information. As a result there’s a huge focus on securing that data.
So, having a tool set – a software solution – that can get you the information you need when you need it is important. And a solution that can also deliver information to the agencies your organization has to report to, is critical. That means that making sure that the IDM system and the reporting software you select will provide as much value as you need and be as seamless to your daily operations as possible, is the ultimate goal.
Learn more about compliance reporting software as it pertains to identity management here.