Monday, August 24, 2009

Privileged Identity Management

I read an interesting article on this topic recently and how it relates to databases. The article is a good read and I want to highlight some points that should apply to everyone working in IDM and particularly around PIM:
  1. Even at an enormous firm, the list of privileged IDs with access to high-risk data should be short enough for a busy executive to personally review.
  2. It is both feasible and reasonable for senior executives to personally review this information and record that they have done so.
  3. Anyone can expect that this kind of review may be taking place in any major organization handling high-risk data, although it is not as universal as it should be.

Think about point #1 above and ask yourself if you would have a short list for your CIO/CISO to review at your company. I agree that the list should be extremely short and it should be reviewed by your management chain on a regular basis. As the author states, these reviews are not as universal as they should be. How about at your company?
