{"id":54439,"date":"2022-03-10T11:02:40","date_gmt":"2022-03-10T10:02:40","guid":{"rendered":"https:\/\/www.oncomed.cz\/?post_type=studies&p=54439"},"modified":"2022-03-10T12:33:05","modified_gmt":"2022-03-10T11:33:05","slug":"zavedeni-idm-v-oncomedu","status":"publish","type":"studies","link":"https:\/\/www.oncomed.cz\/cs\/blog\/zavedeni-idm-v-oncomedu\/","title":{"rendered":"Zaveden\u00ed IDM v oncomedu"},"content":{"rendered":"
\n

Co je IDM?<\/h2>\n

IDM neboli Identity Management je kl\u00ed\u010dov\u00fd IT syst\u00e9m, kter\u00fd se zab\u00fdv\u00e1 centr\u00e1ln\u00edm \u0159\u00edzen\u00edm a spr\u00e1vou identit, a p\u0159i\u0159azov\u00e1n\u00edm rol\u00ed \u2013 tj. p\u0159\u00edstupem do jednotliv\u00fdch IT syst\u00e9m\u016f a p\u0159\u00edslu\u0161n\u00fdch rol\u00ed. Tento syst\u00e9m zaji\u0161\u0165uje, \u017ee jednotliv\u00ed zam\u011bstnanci (p\u0159\u00edpadn\u011b extern\u00ed spolupracovn\u00edci) spole\u010dnosti maj\u00ed relevantn\u00ed p\u0159\u00edstup do syst\u00e9m\u016f a aplikac\u00ed, kter\u00e9 pot\u0159ebuj\u00ed k\u00a0v\u00fdkonu sv\u00fdch pracovn\u00edch povinnost\u00ed. IDM napom\u00e1h\u00e1 spr\u00e1vn\u00e9 identifikaci, ov\u011b\u0159ov\u00e1n\u00ed a autorizaci lid\u00ed, skupin lid\u00ed nebo softwarov\u00fdch aplikac\u00ed prost\u0159ednictv\u00edm atribut\u016f, v\u010detn\u011b u\u017eivatelsk\u00fdch p\u0159\u00edstupov\u00fdch pr\u00e1v (rol\u00ed) a omezen\u00ed na z\u00e1klad\u011b jejich identity.<\/p>\n

Pro\u010d je IDM d\u016fle\u017eit\u00e9?<\/h3>\n

Podle studie proveden\u00e9 spole\u010dnost\u00ed (ISC)2, 80 % poru\u0161en\u00ed bezpe\u010dnosti bylo zp\u016fsobeno probl\u00e9my s p\u0159\u00edstupem k identit\u011b, a\u0165 u\u017e slab\u00fdmi nebo \u0161patn\u011b spravovan\u00fdmi p\u0159ihla\u0161ovac\u00edmi \u00fadaji, nebo nedodr\u017eov\u00e1n\u00edm postup\u016f a proces\u016f souvisej\u00edc\u00edch s\u00a0IDM.<\/p>\n

\u0158\u00edzen\u00ed p\u0159\u00edstupu jednotliv\u00fdch zam\u011bstnanc\u016f umo\u017e\u0148uje organizac\u00edm eliminovat p\u0159\u00edpady kr\u00e1de\u017ee identity, naru\u0161en\u00ed dat a nez\u00e1konn\u00e9ho p\u0159\u00edstupu k citliv\u00fdm firemn\u00edm informac\u00edm. Cel\u00fd syst\u00e9m tak\u00e9 podstatn\u011b uleh\u010d\u00ed vyt\u00ed\u017een\u00ed IT odd\u011blen\u00ed, jeliko\u017e v\u0161echna p\u0159\u00edstupov\u00e1 opr\u00e1vn\u011bn\u00ed v r\u00e1mci firmy budou p\u0159id\u011blena automaticky bez dal\u0161\u00ed nutnosti z\u00e1sahu.<\/p>\n

D\u00edky tomuto n\u00e1stroji se eliminuj\u00ed chyby, kter\u00e9 by mohly b\u00fdt zp\u016fsobeny p\u0159i manu\u00e1ln\u00edm zad\u00e1v\u00e1n\u00ed p\u0159\u00edstupov\u00fdch pr\u00e1v nebo v\u00a0d\u016fsledku nedostate\u010dn\u00e9 nebo chyb\u011bj\u00edc\u00ed komunikace mezi jednotliv\u00fdmi odd\u011blen\u00edmi, typicky HR a IT. V\u00a0neposledn\u00ed \u0159ad\u011b IDM v\u00fdrazn\u011b uleh\u010duje dodr\u017eov\u00e1n\u00ed pr\u00e1vn\u00edch p\u0159edpis\u016f a smluvn\u00edch z\u00e1vazk\u016f t\u00fdkaj\u00edc\u00ed se zaji\u0161t\u011bn\u00ed bezpe\u010dnosti a ochrany z\u00e1kaznick\u00fdch dat.<\/p>\n<\/div>\n<\/div>\n\n\n\n\n

\"\"<\/figure><\/div>\n\n\n
\n

IDM v\u00a0oncomedu<\/h3>\n

Implementace IDM v\u00a0oncomedu byla zah\u00e1jena na podzim 2019. Produktivn\u011b jsme syst\u00e9m spustili na konci ledna 2020. V\u00a0posledn\u00edch letech se firma velmi rychle rozrostla, a bylo nutn\u00e9 se zamyslet nad \u0159e\u0161en\u00edm jednotliv\u00fdch integrovan\u00fdch IT syst\u00e9m\u016f, jejich aplika\u010dn\u00edch rol\u00ed a zp\u016fsobem integrace. Zaveden\u00ed IDM syst\u00e9mu v\u00fdznamn\u011b podpo\u0159ilo z\u00e1m\u011br m\u00edt jednotnou centr\u00e1ln\u00ed identitu pro (skoro) v\u0161echny aplikace, \u0159\u00eddit je a podle profilu u\u017eivatel\u016f spravovat p\u0159\u00edstupy k\u00a0aplikac\u00edm, zdroj\u016fm a skupin\u00e1m.<\/p>\n

Kl\u00ed\u010dovou \u010d\u00e1st\u00ed \u0159e\u0161en\u00ed IDM je integrace na person\u00e1ln\u00ed syst\u00e9m VEMA HR, kter\u00fd je autoritativn\u00edm zdrojem (\u010dili \u0159\u00edd\u00edc\u00edm syst\u00e9mem) person\u00e1ln\u00edch informac\u00ed o pracovn\u00edc\u00edch a jejich smluvn\u00edm vztahu se zam\u011bstnavatelem, kter\u00e9 IDM interpretuje a na jejich\u017e z\u00e1klad\u011b automatizovan\u011b \u0159\u00edd\u00ed procesy n\u00e1stupu, odchodu, resp. zm\u011bny pracovn\u00ed funkce zam\u011bstnance \u2013 co\u017e v\u00fdznamn\u011b umo\u017enilo automatizaci rutinn\u00edch proces\u016f spr\u00e1vy identit.<\/p>\n

IDM je z\u00e1sadn\u00edm prvkem vnit\u0159n\u00ed integrace \u2013 nejprve se transformovala a integrovala kancel\u00e1\u0159sk\u00e1 dom\u00e9na jako centr\u00e1ln\u00ed u\u017eivatelsk\u00e1 datab\u00e1ze \u2013 jednotliv\u00e9 AD skupiny se na\u010detly do IDM, zm\u011bnila se jejich struktura a jednotliv\u00e9 role se transparentn\u011b vlo\u017eily do syst\u00e9mu. Pot\u00e9 p\u0159i\u0161la na \u0159adu dom\u00e9na pro laborato\u0159e, a v\u00a0l\u00e9t\u011b 2022 m\u00e1me v\u00a0pl\u00e1nu migrovat i v\u00fdrobn\u00ed dom\u00e9nu. Jeliko\u017e jsme farmaceutick\u00e1 spole\u010dnost, nezbytnou sou\u010d\u00e1st\u00ed byla validace IDM v\u00a0souladu s\u00a0po\u017eadavky GAMP.<\/p>\n

Jak\u00fdm jsme \u010delili v\u00fdzv\u00e1m?<\/h3>\n

Nejkomplikovan\u011bj\u0161\u00ed byla cel\u00e1 restrukturalizace p\u0159\u00edstup\u016f \/ rol\u00ed v\u00a0oncomedu, kdy bylo nejd\u0159\u00edve nutn\u00e9 jednotliv\u00e9 profily poskl\u00e1dat do nov\u00fdch logick\u00fdch celk\u016f pro podporu automatizovan\u00e9ho zpracov\u00e1n\u00ed, na kter\u00e9 by se pot\u00e9 mohly v\u00e1zat dal\u0161\u00ed aplikace a p\u0159\u00edstupov\u00e1 pr\u00e1va. P\u016fvodn\u00ed syst\u00e9m byl v\u00edcem\u00e9n\u011b manu\u00e1ln\u00ed, bylo nutn\u00e9 tzv. dodat procesn\u00ed rozm\u011br, co\u017e bylo mo\u017en\u00e9 pouze s\u00a0IDM.<\/p>\n

Jedn\u00e1 se v\u0161ak o pr\u016fb\u011b\u017en\u00fd proces, kdy se postupn\u011b p\u0159id\u00e1vaj\u00ed dal\u0161\u00ed IT syst\u00e9my, a na\u0161\u00ed ambic\u00ed je transformace administrace u\u017eivatel\u016f a rol\u00ed, kter\u00e9 mohou b\u00fdt \u0159e\u0161eny pouze manu\u00e1ln\u011b, k\u00a0jejich pln\u00e9 automatizaci. D\u00edky tomu jsme v\u0161ak zas o krok d\u00e1l co se t\u00fd\u010de automatizace a celkov\u00e9 inovace ve spole\u010dnosti.<\/p>\n<\/div>\n<\/div>\n\n","protected":false},"author":3,"featured_media":0,"template":"","meta":{"_acf_changed":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"categories_studies":[13],"class_list":["post-54439","studies","type-studies","status-publish","hentry"],"acf":[],"aioseo_notices":[],"featured_img":false,"coauthors":[],"author_meta":{"author_link":"https:\/\/www.oncomed.cz\/cs\/author\/jorova\/","display_name":"Zuzana Jorov\u00e1"},"relative_dates":{"created":"Posted 4 roky ago","modified":"Updated 4 roky ago"},"absolute_dates":{"created":"Posted on 10. 3. 2022","modified":"Updated on 10. 3. 2022"},"absolute_dates_time":{"created":"Posted on 10. 3. 2022 11:02","modified":"Updated on 10. 3. 2022 12:33"},"featured_img_caption":"","tax_additional":{"categories_studies":{"linked":["\u010cl\u00e1nky<\/a>"],"unlinked":["\u010cl\u00e1nky<\/span>"],"slug":"categories_studies","name":"Kategorie blogu"},"translation_priority":{"linked":[],"unlinked":[],"slug":"translation_priority","name":"Translation Priorities"}},"series_order":"","_links":{"self":[{"href":"https:\/\/www.oncomed.cz\/cs\/wp-json\/wp\/v2\/studies\/54439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oncomed.cz\/cs\/wp-json\/wp\/v2\/studies"}],"about":[{"href":"https:\/\/www.oncomed.cz\/cs\/wp-json\/wp\/v2\/types\/studies"}],"version-history":[{"count":5,"href":"https:\/\/www.oncomed.cz\/cs\/wp-json\/wp\/v2\/studies\/54439\/revisions"}],"predecessor-version":[{"id":54464,"href":"https:\/\/www.oncomed.cz\/cs\/wp-json\/wp\/v2\/studies\/54439\/revisions\/54464"}],"wp:attachment":[{"href":"https:\/\/www.oncomed.cz\/cs\/wp-json\/wp\/v2\/media?parent=54439"}],"wp:term":[{"taxonomy":"categories_studies","embeddable":true,"href":"https:\/\/www.oncomed.cz\/cs\/wp-json\/wp\/v2\/categories_studies?post=54439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}