Creating an ERM framework

Increased efficiency is a driving factor for organizations adopting role-based access control (RBAC). In IT operations, RBAC lowers the number of IT entitlements or roles, preventing staff from getting inundated with a huge number of granular access requests. RBAC also reduces the complexity of the audit and compliance certification process by certifying roles, instead of each application and each entitlement.

Companies can follow a basic process to develop an effective enterprise role management framework. First, begin with an assessment of your organization's current identity and access management (IAM) and role maturity. A role-mining exercise can assist in aggregating, correlating and cleaning existing data. To manage sensitive privileges within applications, implement base roles for new hires and contractors, and create application/IT roles for users who cross organizational boundaries but need similar access.

Next, establish role-lifecycle management processes. A role's lifecycle is the same as a user's lifecycle – it gets on-boarded, transfers, changes or terminates. Define and document the business processes for role-lifecycle management and then, to automate, map that process to technology. Automation is key to preventing stagnant or inaccurate roles.

Identifying roles and responsibilities is the next step. A basic team comprised of the various stakeholders should be built up, understanding that "new actors" may need to come on-board.

Standardization of role management is best achieved when implemented at the enterprise level, but business dynamics can make this challenging. Mature business units should move toward a central governance process for role management.

Your organization will change significantly with an enterprise role management model, but the increased efficiency in business processes and IT operations makes it well worth the effort.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.