
Exploring the science and magic of Identity and Access Management
Thursday, March 28, 2024

Bloggers Send Prayers of Hope

Social Media
Author: Mark Dixon
Tuesday, September 16, 2008
8:46 pm

Last week, I posted a brief article about close family friends who are recovering from a serious plane crash.
The following news report, produced by a Phoenix television station, explores how bloggers from around the world are sending their hope and prayers to Stephanie and Christian.

Makes you kind of feel good about participating in the blogosphere!

 

CSO on Role Management

Identity
Author: Mark Dixon
Tuesday, September 16, 2008
6:28 am

An excellent article on role management was published last week in CSO Online. Business drivers, benefits and challenges were listed from a Burton Group study:

“In its 2007 survey of 35 organizations, Burton Group found that the number of role management initiatives has grown significantly since 2003, especially in the financial services industry. The top business drivers include:

  • Administrative efficiencies for access management
  • Ease of audit and compliance
  • Improved security controls for access and authorization

“The payoff? In return for your efforts, expect the following benefits:

  • Simplified number of managed entities
  • Improved visibility into available resources
  • Better enforcement of policy
  • Improved relationship of IT with the business

“The Burton Group says major challenges for these projects include:

  • Establishing the relationship of roles to business and administrative processes
  • Setting guidelines for defining and establishing roles
  • Determining who should participate and in what capacity
  • Determining how to maintain roles over time
  • Associating roles with resources
  • Determining how to associate business process and policy with roles”

A variety of customers, using several role management software tools, were quoted in the article in support of a good list of recommended Do’s and Don’ts for role management projects:

  • DON’T select a tool until you’ve defined your process.
  • DO take a combined top-down, bottom-up approach.
  • DO create links between IT roles and business roles.
  • DO go beyond access control when communicating business benefits.
  • DO look for a tool that mirrors your organizational approach.
  • DON’T underestimate the time commitment.
  • DO manage scope.
  • DO consider getting a quick start with role mining.
  • DON’T create too many roles.
  • DO look for reporting capabilities and a strong certification process.
  • DON’T assume you need a suite to integrate role management with your provisioning system.

Although no vendors were directly quoted, many observations were favorable for the Sun Role Manager product.

I thought it interesting that Kevin Kampman, senior analyst at Burton, recommended the role discovery process directly supported by the Sun product:

“DO take a combined top-down, bottom-up approach. According to Kampman, role management typically combines a top-down (or business responsibility-driven) perspective, and a bottom-up (or system resource-oriented) approach. Top-down reflects the needs of the business, while bottom-up reflects the application privileges and permission sets to satisfy those business responsibilities.”

Craig Cooper, senior project manager at Thrivent Financial for Lutherans, a Vaau/Sun Role Manager customer, offered some interesting practical insights:

“Cooper sees role management as an integral part of enhancing Thrivent’s trusted reputation with customers. ‘We want to be able to demonstrate that we have the controls in place related to access, and this process has allowed us to do that,’ he says.

“The most time-consuming piece, according to Cooper, is the communication, analysis and research required to get business people on board and ensure your initial design is correct. The good news, he says, is that the learning curve drops off, and you can leverage process improvements and reuse definitions. While it took 12 weeks to set up roles for Thrivent’s first business unit, the team is now completing units in six weeks.”

“It’s important to keep the number of roles you create down to keep your management burden low. ‘It’s a lot easier to manage 1,000 roles than 5,000 or 7,000 individual access profiles,’ Cooper agrees. It’s good practice to use an 80/20 rule, he says, where you assign groups of users a base set of access and then use auxiliary roles and exceptions to cover additional access needs.”


 

My Business Card

Identity
Author: Mark Dixon
Tuesday, September 16, 2008
5:30 am

May I introduce myself and present my business card, please?

As an addendum to yesterday’s post, here is an electronic copy of my business card. Another nice feature of the Scan2Contacts personal scanner is that a .jpg copy of the business card image is added to the Outlook contact record. Fun stuff!

 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.