Benefits of Roles to enable Identity Governance

Why is it so important for organizations to move towards Role-Based Access Control (RBAC) as a means of managing user identities? This mechanism for providing, managing and auditing IT access is starting to be widely accepted, though it might not be the most loved, for various reasons. Instead of focusing on the challenges that can make implementing RBAC somewhat of a pain, I would like to talk about the benefits that organizations gain over time by implementing this model for day-to-day access governance. Let's start jotting them down:

1. Since roles in an organization are relatively persistent with respect to user turnover and task re-assignment, RBAC provides a powerful mechanism for reducing the complexity, cost, and potential for error of assigning users permissions within the organization.

2. Roles support Role Hierarchies, a parent-child relationship, whereby all parent role permissions are inherited by the child role, which is typically more of a specialized role. This prevents role explosion and encourages re-usability in the RBAC model.

3. Roles map naturally to any given line of business and the organizational structure of an enterprise, allowing for a more streamlined and understandable security policy definition and enforcement. This is in contrast to the more conventional and less intuitive process of attempting to administer lower-level access control mechanisms directly.

4. RBAC is policy-neutral, which enables it to support different security policies. RBAC also directly supports three well-known security principles: least privilege, separation of duties, and data abstraction.

5. RBAC provides superior administrative capabilities with regard to updating Role content or user privileges. Instead of re-assigning privileges to a large population of users, updating the Role content automatically updates the Role assignment, saving time and resources.

6. RBAC, coupled with provisioning solutions that support RBAC, provides a strong one-two punch for centralized access control in an organization. RBAC truly simplifies the definition, development and maintenance of provisioning processes.

7. Roles bridge the communication gap between business and IT regarding complex access definitions.

8. Roles allow employees to request access more easily and naturally move them towards the concept of least privilege, preventing users from becoming access collectors over time.

9. RBAC allows more efficient reviews of access through Role vs. Actual assessments, which are extremely valuable to audit teams in an organization.
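As an added example (not from the original post), the following Python models the role hierarchy from point 2 and the Role vs. Actual review from point 9. The role names, permission strings, users and entitlement data are all constructed for illustration.

```python
# Constructed sample data: all role names, permissions and users are hypothetical.
ROLE_PARENT = {"employee": None, "accountant": "employee", "ap_clerk": "accountant"}
ROLE_PERMS = {
    "employee": {"email:use", "hr_portal:view"},
    "accountant": {"ledger:read"},
    "ap_clerk": {"invoice:create"},
}
USER_ROLES = {"alice": {"ap_clerk"}, "bob": {"employee"}}
# Entitlements as they would be exported from the target systems (constructed).
ACTUAL = {
    "alice": {"email:use", "hr_portal:view", "ledger:read", "invoice:create"},
    "bob": {"email:use", "hr_portal:view", "ledger:read", "payment:approve"},
}

def effective_permissions(role, parents=ROLE_PARENT, perms=ROLE_PERMS):
    """Own permissions plus everything inherited from parent roles (point 2)."""
    result, seen = set(), set()
    while role is not None:
        if role in seen:  # a misconfigured hierarchy must not loop forever
            raise ValueError(f"cycle in role hierarchy at {role!r}")
        seen.add(role)
        result |= perms.get(role, set())
        role = parents.get(role)
    return result

def expected_access(user):
    """Access the user should hold according to the roles assigned to them."""
    expected = set()
    for role in USER_ROLES.get(user, ()):
        expected |= effective_permissions(role)
    return expected

def role_vs_actual(user):
    """Role vs. Actual review (point 9): excess = held but not granted by any role."""
    expected, actual = expected_access(user), ACTUAL.get(user, set())
    return {"excess": actual - expected, "missing": expected - actual}

if __name__ == "__main__":
    for user in sorted(USER_ROLES):
        review = role_vs_actual(user)
        print(user, "excess:", sorted(review["excess"]), "missing:", sorted(review["missing"]))
```

Changing a role's permission set in `ROLE_PERMS` changes the expected access of every user who holds that role or one of its child roles, which is the administrative benefit described in point 5.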

These may be just a few of the advantages of implementing Role-Based Access Control, but they are definitely worth the time and effort of implementing an RBAC solution. Next, I want to talk about the fundamentals of RBAC (without all the technical hoopla!) and then talk about best practices for implementing this model in your organization (with minimal time and effort), so stay tuned.
