Monday, August 29, 2005

Bridgestream separates business roles from IT roles

NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT
08/29/05
Today's focus: Bridgestream separates business roles from IT
roles

Dear security.world@gmail.com,

In this issue:

* Bridgestream explains SmartRoles
* Links related to Identity Management
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by HP
FROM THE NETWORK CORE TO THE NETWORK EDGE

Traffic management becomes critical as your network
infrastructure expands to support different types of traffic and
users. Most traffic management solutions have serious
limitations: too expensive, difficult to use, and overly taxing
on bandwidth. However ProCurve Networking by HP addresses these
requirements, overcomes the limitations of other solutions, and
gives you valuable insight into LAN performance.
http://www.fattail.com/redir/redirect.asp?CID=111658
_______________________________________________________________
SEVEN TIPS FOR MANAGING STORAGE

Considering adding to your storage arsenal or upgrading what you
already have? Follow these seven tips for managing storage in
the new data center and find out what you might need to put on
an RFP, and what you need to do before, during and after a
change in your storage environment. Click here for more:
http://www.fattail.com/redir/redirect.asp?CID=111567
_______________________________________________________________

Today's focus: Bridgestream separates business roles from IT
roles

By Dave Kearns

Last month, Thor Technologies announced a partnership with
Bridgestream to integrate Thor's Xellerate with Bridgestream's
SmartRoles business roles automation package. Though I mentioned
the news in a previous newsletter, Bridgestream Vice President
of Marketing Ed Zou thought I needed a better explanation of
SmartRoles - so he gave it to me, and now I'm passing it on to
you.

What follows are Zou's words:

* * *

Role and group management are critical to the success of
provisioning projects. Vendors want to punt the role/group
management problem, because it gets in the way of their sales
cycle. But it's becoming very difficult for them to do so.

To be fair, provisioning systems do bring value to companies
without getting into roles or groups. In a typical provision
project, the first six months are spent on consolidating request
workflows. Consolidated workflows bring significant savings to
an organization as well as consistency in user/resource
provisioning.

At the six-month point, that's when the provisioning system hits
the efficiency wall. Workflows become unmanageable. Even the
workflows for e-mail provisioning can be difficult, as the
approvers can vary based on business units, geographies, cost
center, etc. We have a customer in the financial service sector
that has over 400 workflows with hard-coded approvers just for
e-mail provisioning. Can you imagine what happens when an
approver is transferred? How is that information propagated to a
provisioning system or administrator? What does it take to keep
those workflow updated?

This is when people ask for a better way to manage
resources-to-users mapping and a better way to automate
'automated provisioning.' This is when Bridgestream comes to
play. Bridgestream provides provisioning systems with three key
pieces of information to overcome their problem: role/group
information, role/group membership information, and finally
approver information.

To understand how we do it, here are some important
clarifications:

* The problem of roles is that they are misunderstood and poorly
  defined. Today, roles and groups are used to describe a class of
  access privilege by IT organizations. They are also used by
  business units to represent some aspects of organization
  structure. A role is often defined to encompass both meanings
  and becomes immediately unmanageable.
* It's not the fault of roles that they are difficult to define
  and manage; rather, there needs to be a separation of business
  roles from IT roles and separation of responsibilities and
  privileges. When business roles are defined to capture only the
  responsibilities, span of control and other characteristics of
  business operation, and when IT roles are used to describe only
  privileges, then both roles become manageable, and both can be
  managed by people who understand those roles the best. A mapping
  between those two types of roles determines the access right of
  users.
* Business roles are not the starting point, but are the outcome
  of calculations against organization data of relationships
  between entities within and between organizations. Each
  individual plays multiple parts and has many relationships
  within an organization: I am part of the marketing organization;
  I report to the CEO; I support key sales initiatives at major
  accounts; I am part of the revenue recognition team; and on, and
  on. This multiplicity of organizational data is what is
  difficult for existing applications and directories to capture
  and manage. None of them have the data schema to do so.
  Bridgestream has a proprietary repository to capture these
  complex relationships and a robust engine to calculate roles,
  approvers and other provisioning attributes based on these
  relationships.

* * *

Now I understand why Thor signed up with Bridgestream, and it
seems that other vendors will have to defend their products if
they don't do something similar. But, as always, I'm open to
your thoughts.

The top 5: Today's most-read stories

1. Windows XP also has plug-and-play vulnerability
<http://www.networkworld.com/nldsv5961>

2. 2005 salary survey
<http://www.networkworld.com/nldsv3879>

3. The ROI of VoIP
<http://www.networkworld.com/nldsv3660>

4. IT staff shortage looming
<http://www.networkworld.com/nldsv5299>

5. CLECs play a new tune
<http://www.networkworld.com/nldsv5752>

Today's most-forwarded story:

Police 'futurists' walk fine line between goals and liberties
<http://www.networkworld.com/nldsv5962>
_______________________________________________________________
To contact: Dave Kearns

Dave Kearns is a writer and consultant in Silicon Valley. He's
written a number of books including the (sadly) now out of print
"Peter Norton's Complete Guide to Networks." His musings can be
found at Virtual Quill <http://www.vquill.com/>.

Kearns is the author of three Network World Newsletters: Windows
Networking Tips, Novell NetWare Tips, and Identity Management.
Comments about these newsletters should be sent to him at these

respective addresses: <mailto:windows@vquill.com>,
<mailto:netware@vquill.com>, <mailto:identity@vquill.com>.

Kearns provides content services to network vendors: books,
manuals, white papers, lectures and seminars, marketing,
technical marketing and support documents. Virtual Quill
provides "words to sell by..." Find out more by e-mail at
<mailto:info@vquill.com>
_______________________________________________________________
This newsletter is sponsored by HP
FROM THE NETWORK CORE TO THE NETWORK EDGE

Traffic management becomes critical as your network
infrastructure expands to support different types of traffic and
users. Most traffic management solutions have serious
limitations: too expensive, difficult to use, and overly taxing
on bandwidth. However ProCurve Networking by HP addresses these
requirements, overcomes the limitations of other solutions, and
gives you valuable insight into LAN performance.
http://www.fattail.com/redir/redirect.asp?CID=111657
_______________________________________________________________
ARCHIVE LINKS

Archive of the Identity Management newsletter:
http://www.networkworld.com/newsletters/dir/index.html
_______________________________________________________________
FEATURED READER RESOURCE
IT STAFF SHORTAGE LOOMING

Outsourcing. Automation. Downsizing. The industry has been awash
in unemployed IT pros. But experts are now predicting an IT
staffing crunch is just around the corner, and the implications
for U.S. technology innovation are sobering. What might be
causing the shortage and what might need to be done to prevent
it? Click here:
<http://www.networkworld.com/nldsv5754>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments:

Post a Comment