Document Controls

  • View a Print Friendly version of this document

    Print
  • Toggle highlighting of search terms in this document

  • Text Size: 

    • A (normal)
    • A (larger)
    • A (largest)

For Security & Risk Professionals

Primary Analyst Photo Document Information Rate this Document

September 30, 2008

Best Practices: Enterprise Role Management

by Andras Cser

with Jonathan Penn, Allison Herald

This is an excerpt

Executive Summary

Enterprise role management plays a central role in efficiently managing access rights and enforcing access policies such as segregation of duties (SoD). The processes and tools related to role management consist of role mining and design, recertification, and access recertification. Forrester's IT end user interviews revealed that successful organizations implement and maintain enterprise roles by: 1) establishing a closed-loop process that covers all strategy, people, process, and technology aspects of role management; 2) leveraging existing access information and repositories for role definitions; and 3) targeting simple areas that yield high return, such as where there is high employee turnover or where the workforce performs common and repetitive tasks requiring access to a limited number of applications and application features. Next practices include: 1) feeding access log information to the role management system to ensure that role definitions remain up-to-date and reflect how applications are being used; 2) using entitlement management solutions to enforce fine-grained access policies tied to enterprise roles; and 3) extending role definitions to identify federation partners.

TABLE OF CONTENTS

  • What Is Enterprise Role Management And Why Do We Need It?
  • Best Practices In Enterprise Role Management
  • Best Practice No. 1: Establish A Closed-Loop Process
  • Best Practice No. 2: Leverage Existing Access Information And Repositories
  • Best Practice No. 3: Target Simple Areas That Yield High Return
  • Forrester's Enterprise Role Management Next Practices
  • Identifying Your Challenges
  • Case Study
  • Supplemental Material
  • Related Research Documents

Features

Feature Self-Diagnostic Tool

This is an excerpt

Buy Risk-Free

Price: US $499

Our Money-Back Guarantee: If you are not completely satisfied, return it for a full refund within three weeks of your online purchase.

Already a Forrester Client?
Log in to read this document.

Add to cart

Save and Share

Document Tools

Spread the word:

RESEARCH CATEGORIES

Analyst

Andras Cser

Technology

Security & Risk, Identity & Access Management

Industry

Financial Services

Geography

Asia Pacific, Europe, North America