
Monday, October 22, 2007

Roles make governance easier





Network World's Security: Identity Management Newsletter, 10/22/07


By Dave Kearns

Aveksa CEO Deepak Taneja and the company’s new Marketing VP, Brian Cleary, were on the phone with me a couple of weeks ago to assure me that Securent is not Aveksa’s competitor - as I may have alleged earlier this month - but is a trusted technology partner. As Taneja and Cleary put it, Aveksa provides the business portion of governance while Securent provides the enforcement layer of entitlement. That’s a good point to make, and one that reminds me to remind you that the business case and the technology case have to intertwine for identity management to be effective.

They also made two other points which endeared them to me – the importance of roles and context.

I’ve mentioned previously that I’ll be doing a track on “context” at the 2nd European Identity Conference next April. The organizers are currently calling it “Risk-based authentication,” but we’ll make it broader than that as we include context in viewing data, authorization and governance. I’m hoping to have Taneja do a presentation on context in governance. More on that later.


Both Taneja and Cleary stressed that roles make governance easier. While they wouldn’t commit to saying roles were absolutely necessary, they did agree that trying to manage governance without them could be a very expensive proposition. But, they emphasized, “role-based governance” does require the definition and management of roles.

A number of people in the area of governance and entitlement have emphasized that many IT departments take a decidedly last-century view of roles, seeing them as some sort of extension to, or replacement for, “groups” as we know them in a network operating system sense, i.e., the word processor group, the spreadsheet group, the materials group, etc. And while it’s true that 20 years ago we used groups to allow access to network resources, there is no governance with groups; there are no policies or rules (no matter what the Windows Server documentation says) that can turn groups into roles. Groups are a purely IT functional entity. Roles, on the other hand, are business objects. Roles consist of business rules (“materials buyers cannot approve invoices”) and IT groups (“materials buyers are members of the ‘Excel,’ ‘Word’ and ‘Oracle Financials’ groups”) working together, subject to methods and policies created by the governance process. It is not necessary for all employees to be placed into roles, but it is often necessary for a particular employee to simultaneously inhabit multiple roles.
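To make the distinction concrete, here is an added sketch (not from the newsletter or from any vendor's product) of a role as a business object that bundles IT groups with business duties, checked against the rule quoted above. The `invoice_approver` role, the duty names and the two employees are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    name: str
    groups: frozenset   # IT groups: what the network grants
    duties: frozenset   # business duties: what the person may do

# Constructed sample data. materials_buyer follows the article's example;
# invoice_approver and the duty names are hypothetical.
ROLES = {
    "materials_buyer": Role(
        "materials_buyer",
        frozenset({"Excel", "Word", "Oracle Financials"}),
        frozenset({"purchase_materials"})),
    "invoice_approver": Role(
        "invoice_approver",
        frozenset({"Excel", "Oracle Financials"}),
        frozenset({"approve_invoices"})),
}

# Business rule set by governance: "materials buyers cannot approve invoices".
SOD_RULES = [("purchase_materials", "approve_invoices")]

ASSIGNMENTS = {  # an employee may inhabit several roles at once
    "alice": ["materials_buyer"],
    "bob": ["materials_buyer", "invoice_approver"],
}

def effective_groups(user):
    """Union of the IT groups granted by all of the user's roles."""
    return frozenset().union(*(ROLES[r].groups for r in ASSIGNMENTS[user]))

def sod_violations(user):
    """Return (duty_a, duty_b, roles_involved) for each broken business rule."""
    held = {d: r for r in ASSIGNMENTS[user] for d in ROLES[r].duties}
    return [(a, b, sorted({held[a], held[b]}))
            for a, b in SOD_RULES if a in held and b in held]

if __name__ == "__main__":
    for user in ASSIGNMENTS:
        print(user, sorted(effective_groups(user)), sod_violations(user))
```

Both employees end up in exactly the same three groups, so a group-only view cannot tell them apart; only the role layer shows that the second one combines duties the business rule forbids.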

Implementing role-based management is not difficult but it does require attention to detail and it does require that IT and business management cooperate fully. It’s that cooperation (or lack thereof) that can torpedo an otherwise well-planned project.

Upcoming events from the IdM Journal calendar:

* Oct. 25: Solving the Authentication Challenge through Virtualization, Webinar
* Nov. 8: OpenID - online identity for the social network generation, London, U.K.
* Nov. 14-16: Gartner Identity and Access Management Summit, Los Angeles, Calif.



Contact the author:

Dave Kearns is the editor of IdM, the Journal of Identity Management as well as a consultant to both vendors and users of IdM technologies. He's written a number of books including the (sadly) now out of print "Complete Guide to eDirectory." His other musings can be found at the Virtual Quill, an Internet publisher which provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..."



Copyright Network World, Inc., 2007
