Large organizations employ thousands of people with ever-changing needs to access devices, applications and information. Most access requirements are driven by an individual's roles and responsibilities, which keep changing over time due to promotions, shifts in geography and attrition. Organizations need to provision systems securely and efficiently, and also deactivate them based on requirements.
Role-based provisioning aims to give a user access to specific data and applications based on their role. It is an automated, selective process with varying levels of access based on how senior or powerful the person's role in the organization is.
Consistent access to data, applications and enterprise resources is a key lever for all employees to execute their job responsibilities properly. However, as an organization grows, its systems, processes, applications and interfaces also grow exponentially. So does the information that is generated and shared across various levels. It becomes extremely important to control and monitor which applications and information are accessed by people across the organization. The risks of unauthorized access are immense, ranging from theft of important corporate or consumer data to deliberate attacks on the organization's IT infrastructure by unscrupulous elements. The damage caused by such attacks is serious, and many of them lead to loss of revenue and reputation. They might also lead to breaches of security compliance, creating a regulatory nightmare for the enterprise. In some cases, they can very well lead to lawsuits filed by angry customers whose confidential data might have been leaked or stolen from the organization's databases. The downside is endless.
On the other hand, if users are not provisioned effectively, lack of access to critical resources essential for work can lead to a huge loss of productivity. If employees are not de-provisioned properly after they leave the organization, there is a risk of unauthorized access to important data and resources, which can be a serious risk to IT security.
For any role-based provisioning to succeed, it is essential that application protocols capture not just the details of people and their designation, but also their business role and details about what kind of applications, data or information they must be able to access. It is essential to know the business context of the user.
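The provisioning and de-provisioning decision described above, as an added example that is not part of the original article: each user's business role is mapped to the access it justifies, and the difference from the access the user currently holds becomes the grant and revoke plan. The role catalogue, entitlement names, users and function names are all constructed for illustration, and treating an unknown role as justifying no access is an assumption of this sketch.

```python
from dataclasses import dataclass

# Constructed role catalogue: business role -> entitlements it justifies.
ROLE_ENTITLEMENTS = {
    "sales_rep": {"crm:read", "crm:write", "email"},
    "sales_manager": {"crm:read", "crm:write", "crm:reports", "email"},
    "finance_analyst": {"erp:read", "ledger:read", "email"},
}

@dataclass(frozen=True)
class HrRecord:
    user: str
    business_role: str
    active: bool

def target_entitlements(rec):
    """Access the record justifies; leavers and unknown roles get none."""
    return set(ROLE_ENTITLEMENTS.get(rec.business_role, ())) if rec.active else set()

def plan_changes(hr_records, current_access):
    """Return {user: {"grant": [...], "revoke": [...]}} for users needing changes."""
    plan = {}
    for rec in hr_records:
        current = current_access.get(rec.user, set())
        target = target_entitlements(rec)
        grant, revoke = target - current, current - target
        if grant or revoke:
            plan[rec.user] = {"grant": sorted(grant), "revoke": sorted(revoke)}
    # Accounts that hold access but have no HR record are orphans: revoke all.
    for user in current_access.keys() - {rec.user for rec in hr_records}:
        plan[user] = {"grant": [], "revoke": sorted(current_access[user])}
    return plan

# Constructed sample data: joiner, mover, leaver, unchanged user, orphan account.
HR_FEED = [
    HrRecord("alice", "sales_rep", True),
    HrRecord("bob", "finance_analyst", True),
    HrRecord("carol", "finance_analyst", False),
    HrRecord("erin", "sales_manager", True),
]
CURRENT_ACCESS = {
    "bob": {"crm:read", "crm:write", "email"},
    "carol": {"erp:read", "email"},
    "erin": {"crm:read", "crm:write", "crm:reports", "email"},
    "dave": {"crm:read"},
}

if __name__ == "__main__":
    for user, change in sorted(plan_changes(HR_FEED, CURRENT_ACCESS).items()):
        print(user, change)
```

The mover (bob) loses the entitlements of the old role in the same pass that grants the new ones, which is the step that prevents access from accumulating as roles change.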
An effective role based provisioning platform should have the following components
Role-based provisioning is an integral part of identity management. It is the first of the five stages that constitute the identity and access management life cycle (Provision/De-provision, Enforce, Report and Audit, Review and Certify, and Reconcile), which completes the process of granting access after a request has been received. It makes the whole process of identity and access management very effective by streamlining one of the most dynamic areas in the process: keeping track of the continuously changing roles and user profiles in an enterprise.