Every company needs to understand that there is no definite way to measure the progress in customer identity and access management. If you are responsible for the same, you may know how frustrating that could be. So, for the same you can use a scoring system and keeping an eye on a few factors. Here are the variables you should consider while measuring.
- System coverage percentage
Here you may need to list all the apps and system that your company makes use of. Then, keep an eye on those systems that are covered by your identity management system. For instance, if you work on 100 apps and have 80 of those apps in your system, then the metric considered here would be 80 percent coverage.
- Employee coverage percentage
Very similar to the above, you can track your efficiency by taking your employees into account. For instance if you have 1000 employees and only take in 500 of them in your system, then the score would result in 50 percent. This is a valid point if you have just executed your identity management system.
- Time required to respond to audit
Nobody relies on auditing anymore. The best outcome you can expect here is when you face an IT audit is accomplishing the complete process with zero findings as rapidly as possible. Hence, you need to keep an eye on your response to IT security audits. With the help of Compliance Auditor, the identity management requests and approvals are logged in automatically. In other words, you can have all the records you require in one place.
- Time to accomplish identity and access change requests
Speed always matters. Hence you need to keep an eye on how long employees and managers need to wait out in order to get their identity management requests approved. When you are using an identity management software solution, you will always gain a high score on this very factor. On the contrary, when you are relying upon a manual approval process, scoring well here would be a tough cookie to crack. So always establish a standard for change request responses of one business day. Then, you can record the percentage of requests that are responded in that time frame.
- Compliance to IT security standards
You also need to review the IT security standards for identifying particular and measurable needs. For instance, you may need privileged users to explain why you need such access in every quarter. In that instance, you can establish a score by tracking the attestations.