Cornastone, IBM and Eurekify recently hosted a discussion in Johannesburg on role-based identity management, a major challenge in large organisations today.

Among the issues discussed were how organisations can achieve the benefits of role-based identity management, and how to quickly construct, deploy, manage and leverage a role-based privileges model for identity management and automated provisioning.
"Roles are the DNA of any organisation. Roles tie business and security together. Roles are the common language understood by both business and security administrators," said Azi Cohen, CEO of Eurekify, the role management company represented locally by Cornastone. "Roles are fundamental to identity management."
Controlling access to company resources is a complex consideration for any big business. To remain competitive, companies have to give employees timely access to business resources. They may also need to extend secure access to these resources to customers, partners and suppliers, against a backdrop of increasing risk of fraud and abuse. In addition, regulatory requirements make it obligatory for organisations to remain in control of their resources and to prove that they are in control.
This has led Gartner VP Roberta Witty to conclude that: "Role management is becoming a must-have rather than a nice-to-have capability in large enterprises."
Cohen notes, however, that Eurekify's analysis of privileges has shown that in most cases more than 29% of users hold incorrect access rights, and more than 44% of the resources in any large organisation can be misused by users who should not have access to them. More than 50% of groups in mainframe systems or Microsoft Active Directory appear to be redundant. Further, it is not unusual for many employees to violate company access policies and compliance rules.
"Role-based privileges management is widely recognised as best practice in the deployment of a provisioning system," says Cohen. "81% of identity management project managers find that existing provisioning solutions do not provide adequate tools for the creation and ongoing management of a role-based privileges model. Eurekify's approach is integrated, complementing any existing identity management solutions with powerful analytic capabilities built on pattern recognition technology."
Most of those who attended the discussion represented companies which are already using an identity management solution. "These customers can now benefit from technology that provides the most advanced role lifecycle management capabilities in the world," says Cohen. "The results are gains in efficiency, vastly improved security and compliance with both internal and external policies."
Patrick Devine, security and identity management practice leader at Cornastone Consulting, says: "The technology provides an enterprise view of who has access to what resources, providing valuable insight based on actual rights rather than conjecture. By understanding the current landscape, organisations can make informed decisions and build an accurate business case on which aspects of identity or compliance management to allocate resources for maximum benefit.
"Eurekify's phased approach to deploying role-based identity management relies on 'the 5 Cs' – control, create, comply, correlate and collaborate. Creation of a role-based privileges model can be used as a reference and uploaded into the provisioning system for ongoing operational use. The solution enables ongoing maintenance of the role-based privileges model as well as periodical synchronisation with the provisioning system. IT controls, for regulatory compliance, are automatically verified, exceptions and deviations are automatically detected, roles and privileges are automatically certified, and reports are provided periodically."