Who has access to what data and when? With the AccessIT solution, NNIT has implemented an automated identity and access control system. AccessIT manages employee access to NNIT's own systems, but can also secure our customer's IT systems. On top of this, the access control takes place automatically so it is always up-to-date.
IT is the backbone of all companies; the strong core that the rest of the organization depends on. Often, IT systems are the employees' most important work tools; optimizing processes and functions, and enabling more agile workflows and trimmed-down costs. However, it is vital that only the right consultants and employees have access to the right systems.
From a security perspective, companies are subject to a number of regulations regarding access to IT systems, especially in the light of the EU's updated personal data regulations, GDPR. These new rules impose stricter requirements than previously for the handling and storage of personal data.
– It is essential that companies have control over which employees have access to what data and how these employees are permitted to work with the data. Put simply, the right people should have access to the right things at the right time, explains Kuno Kasper Larsen, Subject Matter Expert, Identity & Access Management at NNIT.
On January 1, 2017, NNIT implemented a new, automated identity and access control system based on SailPoint's Identity IQ technology. AccessIT replaced NNIT’s former system called UserAR, which required manual actions and as a result was somewhat time-consuming to work with. AccessIT automatically supports business processes to a far higher degree.
– We have put more intelligence into the systems, and with the help of HR and access data, we have improved the system using attribute-based access control. For example, the system now checks an employee's data before granting access to a customer's IT system. NNIT is a trusted partner, and this gives customers greater peace of mind, and allows them to use the system when documenting access control. In addition, it strengthens the guidelines for what NNIT's own consultants may or may not do. All these things are managed by automated access control, says Kuno Kasper Larsen.
IT emergency plans in, for example, an IT breakdown situation pose a dilemma for many companies. For security reasons, the basic rule is that only authorized employees have permission to access the IT system. It can be problematic if there is a breakdown and none of the authorized employees are present to solve the problem immediately.
– For this reason, NNIT has developed a break glass procedure, where our IT technicians can promptly apply for access to repair a crash or error in an IT system. Thanks to intelligent access control, the technician's access is time-limited. NNIT operates over 10,000 servers for our customers, so it is incredibly important that access and identity checks work flawlessly and are designed to suit the needs of individual customers, explains Kuno Kasper Larsen.
The Compliance Benefits of AccessIT are clearly visible, but AccessIT is also business-efficient. This is because access is mostly granted on the basis of existing data, which reduces the need for extensive manual actions. On top of this, automation ensures that the system is always up-to-date.
With AccessIT, NNIT has implemented a solution that meets the demands of companies for both IT security and efficiency in the digital marketplace.
To learn more about AccessIT from NNIT, contact Kuno Kasper Larsen, Subject Matter Expert, Identity & Access Management Design at NNIT, at email: firstname.lastname@example.org.