Measuring Identity and Access Management Performance - An Expert Survey on Possible Performance Indicators

Current digital challenges such as securing access, proving compliance with regulations and improving business performance are urging companies to implement structured Identity and Access Management (IAM). Over the past decades, introducing IAM has been a critical task for companies trying to get their complex IT infrastructures, comprising hundreds of systems, thousands of accounts and millions of access right assignments, under control. However, once IAM has been introduced, identifying potential IAM malfunctions remains an unsolved challenge. In this paper, we take a first step toward sustainable IAM maintenance by introducing indicators that capture the efficiency of a rolled-out IAM. We first derive IAM performance indicators via a structured scientific approach and then evaluate their relevance by surveying IAM experts.
