- Centralized access management/governance
- Access Forms
- Online Approval
- Automatic on-boarding of new users and Termination of users that have left (i.e. Joiner, Mover, Leaver Process)
- Business approach to access (Business Roles and descriptions)
- User friendliness
- Review - this is great for audit purposes, and proof of compliance.
Improvements to My Organization:
- Access Provisioning: the time-frame has been significantly reduced, as this was a paper-based process previously.
- All application access requests are completed from a centralised portal, whereas previously this was also paper-based and confusing to users
- Users and managers understand the different levels of technical functionality and can make risk-based decisions about granting access
- Violations are highlighted almost in real time and can be managed much more effectively, and this reduces risk exposure of sensitive applications
Room for Improvement:
Use of Solution:
No issues with deployment.
In the older versions, there were sometimes instances where memory would get used up and the application would need a restart.
No issues with scalability.
Both with Aveksa, and now RSA our experience has been good.
No previous solution used.
The people and change management process was quite complex, as we were changing our process and a major touch point to IT of the entire organisation.
The complex nature of the enterprise environment in terms of different applications was quite complex, in that all technical access had to be defined and thought of from a business functionality perspective.
We used a vendor team. They helped us through the technical side of things, and also got involved in business workshops and demonstrating the value and benefit of the solution to the organisation.
Other Solutions Considered:
Yes, we compared it to Oracle.
Get business involved from the initial stages.
Spend some time on user change management, communication and education.
Adopt a maturity model of implementation - getting from a paper-based access request governance process to a fully automated closed-loop verification one is a large change. It is possible to get small wins for a large number of applications in stages. For example:
- Attain visibility into user access first across all applications
- Initiate a clean-up of legacy access (this adds a lot of value and reduces potential risk exposure of multiple applications)
- Define/workshop technical access and how it correlates to business functions for an application at a time
- Implement business rules and violations
- Initiate user and access reviews
- Automate provisioning.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jan 29 2015