In an identity-management guide published on Tuesday, the Corporate IT Forum (TiF) recommends using automation to smooth over some of the difficulties in keeping track of who is accessing what.
According to the guide, companies should approach identity management by asking the following questions for each member of staff: "Who are you?"; "What is your business here?"; and "What IT elements and data do you need?"
That information should be put into a Lightweight Directory Access Protocol, which sets and controls staff access to applications and services, and then governed by a set of variables: do staff have permission to create/modify/delete a data set, for example, and when do those access rights need to be withdrawn?
As well as helping out administrators, the system will allow staff to log in just once to use all the systems they have access to.
However, some business decisions should still be made by management and not the automated system, such as whether to grant access to business critical data to a temporary employee, the guide advises.
The report says this approach will save a business money and time, reduce the risk of human error, ease staff access to company systems and provide a clear audit trail.
Head of research at TiF, Ollie Ross, said: "Proper identity management and role-based access gives a better handle on who in the business is accessing what, from what and for what purposes — from the desktop through to handhelds."
International information-management group Reed Elsevier helped produce the report and is itself wrestling with how to simplify controlling systems access among its 8,000 IT users.
Ruth Harris, head of project management office Europe for Reed Elsevier Technology Services, described the challenges posed by controlling staff access.
She said: "We have users all over the world using a number of different applications with different IDs and passwords. When those staff leave, you have to go through each application they have access to, both centrally and locally, and then disable that access.
"We are looking into how to make this process simpler by having a system that allows you to only have to tap in once that this person is leaving and it will disable their access to all applications."
To find out more about the TiF guide, visit TiF's website.
This article, Stopping corporate IT break-ins, was originally published on silicon.com.