The Identity Governance myth buster series


"Kirk : Yoo bro I work at twitter / don’t show this to anyone / seriously"

 

According to news reports, this is apparently how the recent major Twitter hack began. The Discord user, who goes by the name 'Kirk', then proceeded to show that he could take control of important people's Twitter accounts. Accomplishing something of this scale requires insider-level access to the company's network.

 

If security incidents like these can happen to a company like Twitter, which probably has one of the most sophisticated security setups, what are the odds that your company will not be next? If you still say, "Nah! The chances of that happening to me are very small," then this series is for you.


The general misconception is that if you follow effective Access Management (AM) practices, you do not need to follow Identity Governance (IG) best practices. AM is not a replacement for IG, and vice versa. Both go hand in hand in designing the policies for access controls and managing them.

 

In this series, we will debunk a few misconceptions around IG, like the ones below, over the next few weeks, and show you how ADManager Plus can help you perform IG easily in your AD at no additional cost.

 

    1. IG is needed only for big organizations and not for small and medium enterprises

    2. RBAC single-handedly takes care of all management risks

    3. IG is not cloud-application friendly

    4. IG is needed only if your industry has mandatory regulatory compliances

 

Myth #1: IG is needed only for big organizations and not for small and medium enterprises


Any business or organization, small or big, is bound to have sensitive and critical data like PII, credit card details, or even employee data, leaving it always vulnerable to attacks. A key part of IG, and one of the important approaches to protecting your organization, is maintaining a clean and up-to-date AD, without any unnecessary or unwanted accounts, right from the initial stages, so it's easier to maintain as the company scales up. This can be supplemented with a complete inventory of all roles in the organization, along with the permissions and group memberships necessary for each one of them.


The ADManager Plus solution: Start streamlining your AD with ADManager Plus' automated cleanup of inactive security groups and user accounts.

 

How to set up automated cleanup of inactive users with ADManager Plus?

    1. Navigate to Automation tab > Automation > Create New Automation and configure the following settings:

  • Automation policy Name and Description - Enter a suitable name and description for the automation process.

  • Automation Category - Choose User Management.

  • Domain - Choose the domain and OUs in which the task should be run.

  • Automation Task/Policy - From the 'Automation policy' list, select the 'user deprovisioning' policy.

Note: You can customize this deprovisioning policy by navigating to Automation tab > Automation Policy > Edit DeProvisioning policy.

  • Location of CSV - Choose the location of your CSV file which contains the list of users to be deprovisioned.

  • Implement Business Workflow - Enable this option if the user deletion should be carried out only after approval. This option will automatically create a 'delete user' request; once it is approved by the appropriate technician or user mentioned in the workflow, the user account will be deleted from AD.

  • Select the Execution time and Frequency at which you want the automated user deprovisioning to be done.

  • Enable the Notification option if you wish to notify the technician every time the automation gets executed.

  • Click Save.
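
The automation above consumes a CSV listing the users to deprovision. The following added example (not part of ADManager Plus or the original post) shows one way to build that list from an exported set of AD user attributes. The sample export is constructed, and the single `sAMAccountName` output column is an assumption; match the header your CSV import expects.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export (not real accounts). lastLogonTimestamp is a
# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
SAMPLE_EXPORT = """sAMAccountName,userAccountControl,whenCreated,lastLogonTimestamp
alice,512,20190304101500.0Z,133589952000000000
bob,512,20180611080000.0Z,132000000000000000
carol,514,20170101090000.0Z,131000000000000000
dave,512,20240520120000.0Z,
erin,512,20200210083000.0Z,0
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE = 0x0002  # userAccountControl bit for a disabled account

def filetime_to_dt(value):
    """Return a UTC datetime, or None if the account has never logged on."""
    ticks = int(value or 0)
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def find_inactive(export_text, now, max_idle_days=90):
    """List enabled accounts idle for longer than max_idle_days."""
    stale = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if int(row["userAccountControl"]) & ACCOUNTDISABLE:
            continue  # already disabled, nothing to deprovision
        created = datetime.strptime(
            row["whenCreated"], "%Y%m%d%H%M%S.0Z").replace(tzinfo=timezone.utc)
        # Never-logged-on accounts are aged from creation, so a freshly
        # provisioned user is not swept up before the first logon.
        reference = filetime_to_dt(row["lastLogonTimestamp"]) or created
        if now - reference > timedelta(days=max_idle_days):
            stale.append(row["sAMAccountName"])
    return stale

def to_deprovision_csv(names):
    """Render the account list as CSV text (header is an assumption)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["sAMAccountName"])
    writer.writerows([name] for name in names)
    return out.getvalue()

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatability
    print(to_deprovision_csv(find_inactive(SAMPLE_EXPORT, fixed_now)))
```

Because `lastLogonTimestamp` is replicated lazily and can lag real logons by up to about two weeks, keep the idle threshold well above that and route the resulting list through the approval workflow rather than deleting directly.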

 


Tune in next week to bust more IG myths!

Cheers,
ADManager Plus




