Security in Obscurity

Achieving Effective User Lifecycle Management Through Automation

Cyber Defense Magazine, April 2020

This article was originally published in Cyber Defense Magazine. A copy of the publication can be found here.

---

Abstract

Automating user lifecycle management is an important topic not only to the security of an organization but also to the overall function of an enterprise. By achieving effectiveness through automation in your user lifecycle management process you will not only increase the productivity of your operational teams through the reduction of work required to manage the user lifecycle, but also add effective security controls to your information security program.

User lifecycle management covers the full array of activities executed during the lifetime of a user at an enterprise. From a security prospective, user lifecycle management should be an important domain to include in your security program. While many of the operational tasks related to the lifecycle management are associated with Human Resources or Information Technology business units, the need to instill security controls into the related workflows and processes is paramount. When looking to automate the user lifecycle at an enterprise there are numerous technical tools at your disposal. Whether you choose to leverage internal scripts or programs, or go with more of a managed technical solution is more of a personal preference pertaining to your available budget and technical skill sets on staff. Proper tooling combined with a well-maintained source of truth, an effective access control model and baking in the updating of information between sources allows you to add effective security controls to your information security program.