- of
As companies merge or downsize to survive, they must change employee access to sensitive corporate data on very short notice, grant access privileges to new employees, adjust access privileges for re-assigned employees, and terminate access for former employees and contractors. CIOs of these organizations must manage that transition in a manner that minimizes business disruptions while also protecting the company from insider theft and ensuring compliance to government regulations. SailPoint's Founder and CEO, Mark McClain, provides advice to help CIOs to help prepare their business and IT organization for these scenarios.
1. Leverage your seat at the table during any executive-level discussions of corporate restructuring. Ensure your security and IT operations teams have the skills and resources required to manage any transitions
2. Don't let technology and staff integration issues overshadow the importance of due diligence during corporate M&A events. An acquired company's non-compliance may impact your own compliance
3. Proactively manage the risk inherent in the restructuring event Corporate churn can expose sensitive applications to "insider threats" because of changes to user populations and their access to corporate resources
4. Focus on IT and security challenges, specifically on identity management issues, during corporate restructuring. Critical questions that should be addressed are: Who has access to critical IT assets, either existing assets or those soon to be acquired?
5. Pave the way for your teams to work with groups outside the IT organization, including HR, legal, audit/compliance, and business units. The decisions made by other groups can significantly impact IT's workload, so it is important that IT has a voice in even the most tactical decisions
6. Prepare in advance by building automated, repeatable processes for identity governance into your organization: Access certifications - periodic review and approval of "who has access to what"
7. Before a merger or acquisition occurs, use your organization's identity governance process to speed and automate due diligence performed on the target company: Inventory users and their access privileges
8. Before a layoff occurs, use these same methodologies to ensure prompt and accurate terminations: Certify your identity data in advance so that you have current, accurate information about all users and their access to all corporate assets
9. Following any transition, institute an immediate audit, then establish ongoing audit and monitoring programs to mitigate risk. Confirm that all accounts have been removed for terminated users
10. Remember that corporate restructuring imposes a significant increase in your organization's workload. There will be tradeoffs: either funding needs to be provided for the additional work or your portfolio of IT projects must be re-prioritized
The 10 Hottest IT Certifications
Make 8 Popular Performance Tools Work for You
Ten Enemies of Innovation
IT Workers More Confident in Jobs, Economy
The Secret of Apple's Success
Money Woes Take a Toll on Worker Performance
