The Genesis of Privileged Identity: Creation and Evolution of the Superuser
When I think about managing identities and privileges within an organization, one of my favorite analogies for the whole privileged identity lifecycle is biblical.
Everything starts “in the beginning” with a superuser. Whether someone starts with a server or a workstation, creates on-premises solutions for their network infrastructure, or builds out a cloud, they'll always have to start out with an account with god-like power that will control all other accounts accessing that resource going forward.
The Identity Management Lifecycle
IT folks are somewhat like the priest or the rabbi talking about the Bible and conducting well-organized and inspirational services, but not necessarily understanding the history of the materials they are presenting. Many of the true scholars in the field know information that may shock the flock and those that are leading the flock.
One of the most common reasons the systems fail to work is the problem of paperwork. When someone leaves or joins the company, there's usually a mountain of paperwork involved, and there is a workflow that has to be taken care of that is partially manual and partially electronic. Now, when people come into the company, their bosses are screaming for access and that becomes top priority. But when they leave, the sense of urgency just isn't there.
Similarly, when employees change jobs, the demand from up top is for new access, but no one pressures for the old access to be turned off. So you run into a queuing problem where you can go into any given organization and potentially see hundreds of people who have been discharged or who have changed their roles, and there is one HR person who has to go through the paperwork and go into the systems to get rid of their accounts.