For Security & Risk Professionals

Primary Analyst Photo	Document Information	Rate this Document
	September 30, 2008 Best Practices: Enterprise Role Management by Andras Cser with Jonathan Penn, Allison Herald

This is an excerpt

Executive Summary

Enterprise role management plays a central role in efficiently managing access rights and enforcing access policies such as segregation of duties (SoD). The processes and tools related to role management consist of role mining and design, recertification, and access recertification. Forrester's IT end user interviews revealed that successful organizations implement and maintain enterprise roles by: 1) establishing a closed-loop process that covers all strategy, people, process, and technology aspects of role management; 2) leveraging existing access information and repositories for role definitions; and 3) targeting simple areas that yield high return, such as where there is high employee turnover or where the workforce performs common and repetitive tasks requiring access to a limited number of applications and application features. Next practices include: 1) feeding access log information to the role management system to ensure that role definitions remain up-to-date and reflect how applications are being used; 2) using entitlement management solutions to enforce fine-grained access policies tied to enterprise roles; and 3) extending role definitions to identify federation partners.

TABLE OF CONTENTS

• What Is Enterprise Role Management And Why Do We Need It?
• Best Practices In Enterprise Role Management
• Best Practice No. 1: Establish A Closed-Loop Process
• Best Practice No. 2: Leverage Existing Access Information And Repositories
• Best Practice No. 3: Target Simple Areas That Yield High Return
• Forrester's Enterprise Role Management Next Practices
• Identifying Your Challenges
• Case Study
• Supplemental Material
• Related Research Documents

This is an excerpt