Don’t forget the ‘C’ in GRC
Governance, Risk and Compliance need to sync up to keep your organisation’s data secure. You should have a good assessment of your security risks and transparency of this at board level. But are you remembering the importance of compliance? This can have a direct financial impact when your organisation is audited. For example, you could be left with a fine if you are not compliant with your licence contracts. Many organisations are unaware until it is too late, and then are forced to instigate emergency actions.
Do you know you are compliant?
Identity Management software solutions involve a licence count limit within a contract. If you are over the licence count threshold, you are not compliant with the contract. But if you do not know that threshold, or you do not know how many identities there are in your system, you cannot know whether you are compliant or about to be charged two hundred thousand pounds after an audit for non-compliance.
You’re throwing money down the drain
If your actual number of identities surpasses the licence count threshold, you will be charged for every identity over the limit. Not only this, but you will also be charged a fine for non-compliance. You might have 5,000 members of staff using your system, but this does not mean you have 5,000 identities in your system. You could have 50,000 all managed by the software, including user accounts, secondary accounts, service accounts and test accounts. Some identities might represent more than one person, such as for a shared team account that multiple users have the login for. Many organisations struggle to keep track of the number of identities in their system for these reasons.
Risk factor of non-compliance
Untracked identities come with the risk of not knowing who has access to your data, leaving your organisation at risk of attack from bad actors within the system. Compliance regulations exist for multiple reasons, one of which being the visibility to track identities and their access to data, applications, and systems. If you have clarity on your identities, you can better mitigate the risks associated with poor access control and identity management.
Unused identities still count towards your limit
Some licence count limits include deleted identities as enabled user accounts, meaning you cannot rely on the number of active identities to give you the total number counting towards the licence threshold. Once you have transparency on your identities and licence count, you can delete unused identities to save money on your licences and reduce the risk of not knowing who has access to what.
How can I find out about my licence count or dormant accounts?
If you want to know more about your licences, you can talk to one of our support team today to find out what we can provide you in our Licensing Package. Intragen wants to provide clarity on your licensing before an auditor gets there first. You can run the report in minutes for a visual representation of your compliance.