1.21 Identity Proofing and Account Provisioning Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 48 minutes
Video Transcription
now, I just gave you an overview of those steps. Let's look a little bit deeper into them. So our first step here, identity Proof
again always should proceed the creation of a user account. And I hope that goes without saying before I say, Come on into my network. Here's an account. You've gotta provide me some proof.
This is not the same as authentication. This is all about providing proof to the perspective employer
off my identity, which sounds a lot like authentication. But when we talk about authentication were thinking of it more from a technical, A system based standpoint. So this is just coming in the door. The HR department, usually new hire team, whatever is gonna take my evidence that I supply,
they're gonna verify that information.
Um and then they're going to make sure that the information I've provided belongs to me, and that's the predecessor to anything from a technical state right now. Once I'm hired, this is all done.
Where we come into play is where we start with account provisioning. Now there are lots of different ways accounts get provisioned, and one of the things that we're moving warm or towards is automated account provisioning rather than having to manually create
every single account, often multiple times we'll get there in just a minute.
Um, so account provisioning again. This is sort of just the basic
form where we're creating accounts in our rural, probably active directories or some other authentication server. This kind of implies just plain old account provisioning doesn't really imply how. It's just sort of a definition term.
Often this is done, or at least traditionally. This has been done through discretionary provisioning, which basically means the administrators will go in and they'll enter user accounts. And based on some criteria, they'll kind of a sign resource is, or they'll determine what resource is and individual user needs.
Obviously, this is gonna work in a new organization of 50,000 employees, but I've worked at many organizations
that kind of based on what we've seen your in the sales department here, the rights and permissions will give you if there's anything we're not sure about, we can always call and follow up. That's a lot of work, though, right, and that puts really the pressure on the administrator to make some pretty hefty decisions
now. We also see self service provisioning that totally takes the weight off the administrator on dhe. This isn't necessarily, you know, in a work environment, I don't create my account. But if you think about going to Facebook, you self service your account provisioning, right? Or,
you know, just about any software's a service. If you're home user,
you create your own account. You can also reset your own password. You can suspend the account. You can do those sorts of things. So the big benefit they're taking the weight off admit
sometimes provisioning is based on work flow, which essentially has gathered around sort of, um
your role within the organization, which is pretty good idea. And ultimately, you'll have there'll be an owner to that process that will sign off from a to the end. But essentially there will be a set process for you based on being in the sales department
and then this last instance automated account provisions. This is what we want to work on. What we're gonna be able to do is to think about this idea of reducing redundancy,
reducing redundancy, and again, you know, I don't know if you've worked with this in the past. But traditionally speaking, we've had a lot of redundancy between the HR department in the I T department. So that's what we're gonna focus on next. We're gonna take a look at automated account provisioning.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By