Four Risks in Manual Identity Enrollment

November 13, 2012

Manual processes are the weakest link in an automated system. As corporations strive to be more lean and efficient, employees are often tasked with extra duties and stresses that can aggravate the problem. Greater workload and the overall faster pace many companies work at – and employees struggle to keep up with – can undermine the most devoted employee's quest for accuracy in the task of manually entering information using a keyboard.

For physical identity management and identity enrollment, manual processes are particularly problematic. Inaccuracy is one issue; another is neglect. The multiple tasks competing for an employee's time and attention might also lead even a good employee to neglect or delay a manual task related to identity management. In either case, the result is an unacceptable level of risk to the organization.

The following potential risks demonstrate why enrollment in an identity management system is a process that is too important to be put at the mercy of human error.

An identity is not properly on-boarded.Misspelling a person's name is more than a typographical error when it comes to an identity management system – it's a security risk. Not fully entering a visitor's information correctly is another possibility, and either scenario could lead to someone who is not accurately accounted for in the system being on the premises. Such errors can also lead to the creation of multiple ghost/orphan entries that clog up the system, slow down processes and increase operational costs.
An identity cannot be properly vetted. For maximum security, an identity management system should cross-check an enrollee against third-party background checks, security checks, watchlists, etc. However, automated systems that perform such cross-checks are intolerant of misspelled names and incomplete information. Doing a background check on a misspelled name is the equivalent of not doing the check at all. A result could be approval of someone who is on a prohibited list (but whose name was misspelled and therefore did not match), an occurrence that would totally undermine the vetting process and provide access to an individual who represents a risk to the organization.
An identity is not properly off-boarded. A consequence of a heavy workload is that tasks that are perceived as less urgent can sometimes be postponed. In the case of a visitor management system, for example, it might seem more urgent to enter a visitor in the system because they are already on the premises for a specific meeting. However, off-boarding might seem less urgent and even be overlooked entirely in the rush of other duties. However, this can have huge consequences. When an identity is not properly off-boarded for any reason, the effect is to extend that enrollee's access and privileges within the organization. In effect, an unauthorized person is allowed continued access. Organizations should also beware of establishing manual processes that involve on/off-boarding an identity at a certain time, such as once a week. This manual practice leaves a large window of time in which identities are not properly controlled, and the practice may be even more risky if it is predictable or widely known.
Manual processes create a separate data silo. Manual processes are much less likely to be integrated into the enterprise identity management system and, therefore, are more likely to create a separate silo of data. This silo doesn't interface with any other system within the organization and does not benefit from the enterprise's abundance of identity information since it is not part of a unified system of identity management. Working separately from, and less securely than, the rest of the identity management system, manual processes also often require regular intervention from physical and IT security staff to remediate problems and exceptions, consuming time and resources that could be better used elsewhere.

Manual approaches to data control are rife with flaws that can negatively impact the integrity of any organization's processes. For identity management systems, the risks can be enormous, extending far beyond the consequences of simple typographical errors. By their nature, manual processes tend to be separate, less efficient and more error-prone. Where and as much as possible, manual processes should be replaced by automated systems that are less prone to variables. What's needed is a unified security platform that works with the existing physical security infrastructure, integrates with corporate and IT systems, and provides global compliance and card access management. Such a unified system can solve critical pain points associated with manual processes.

Ajay Jain is President and CEO of Quantum Secure

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Four Risks in Manual Identity Enrollment

Recent Articles by Ajay Jain

Telecoms Move Toward Predictive Security Intelligence

Banking on Identity Management for Security and Compliance

Working with PIAM for Hospital Safety

To Build or To Buy: Solutions to Access Management Software Dilemmas

How to Converge PSIM and PIAM for Total Situational Awareness

Security Magazine

2020 November

Four Risks in Manual Identity Enrollment

Recent Articles by Ajay Jain

Related Articles

Report Abusive Comment