Role Management Software: Making it Work for You

Role management software enables the creation and lifecycle management of enterprise job roles

By Mary Brandel

Harkola says it's the bottom-up that's really time-consuming, because it requires developers to delve into the target applications and pull out the entitlement database to see what everyone has access to. The role templates were much easier to create, he says, thanks to Courion's Role Courier, which analyzes the entitlement data and quickly builds roles, which clients then verify as accurate.

Craig Shumard, CISO at Cigna, says its tool, Aveksa, can automate the bottom-up process. Before purchasing Aveksa, he says, his team worked manually to create roles based on business responsibilities, as well as the entitlements each role should have. However, Aveksa was able to go into the applications and provide a "book of record," he says, or an as-is state of the access people in those roles actually had. This, he says, exposed all the company's "sins of the past" and allowed them to clean up access privileges.

DO create links between IT roles and business roles. As Craig Cooper, senior project manager at Thrivent Financial for Lutherans, puts it, it's important to "connect the dots" for the business between access entitlements and business definitions. That's why his team mapped each entitlement to a business definition. That way, a business person could ask simply to, say, update a customer record, without having to specify the dozens of access requests they'd need to perform that operation. "It puts it into a business context," he says.

DO go beyond access control when communicating business benefits. Kampman says because role management ensures that authority, responsibilities, resources and communications channels are aligned to meet business objectives, it can have great appeal to C-level execs who need this kind of visibility to achieve a more effective and efficient organization.

For Energy East, Harkola says, communicating business benefits meant ensuring the new processes his group created provided value-add from a service perspective. "You have to think of role management in a broader context, not just, 'I want to solve role management,'" he says.

At ABN Amro, Kruit says, selling role management meant emphasizing not only a speedier access request process but also a safety net against the types of data access scandals that afflicted organizations in the past year. "We had to make the case," he says.

Meanwhile, Cooper sees role management as an integral part of enhancing Thrivent's trusted reputation with customers. "We want to be able to demonstrate that we have the controls in place related to access, and this process has allowed us to do that," he says.
