- What does Cisco have against Quebec?
- Attrition.org nails another nitwit
- Diary of a deliberately spammed housewife
- Seven cloud-computing security risks
- 20 great Windows open source projects
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Start-up Aveksa on Monday added user role management to its lineup of access-control tools and said that healthcare giant Cigna is rolling out the software across its domestic operations.
Cigna plans to support 27,000 users and 300 applications, and in the process clean up and modernize its role-based access infrastructure, which it began building nearly five years ago.
Roles are predetermined sets of access privileges that can be associated with a group of users on a network. Users are assigned to roles and inherit the access privileges of those roles. The National Institute of Standards and Technology (NIST) first developed the model, called Roles Based Access Control (RBAC), more than a decade ago.
Now, Aveksa is stepping up to provide management tools as part of its Aveksa 3 Enterprise Access Governance Suite, which includes the new Role Manager and the company’s current tool, Compliance Manager, which lets users monitor access rights, track privilege changes and ensure compliance.
Role Manager lets users monitor, report, certify and repair user privileges; discover and manage roles; and view the state of all user access rights from a centralized Web-based console.
Experts say while defining and creating roles can be a difficult task, the change management, auditing and maintenance of the infrastructure is just as daunting.
Cigna officials found that out as they worked with a manual system of Excel spreadsheet and a home-grown workflow engine and data repository called the Systems Connection Request to manage their RBAC infrastructure targeted in large part at meeting HIPAA and Sarbanes-Oxley requirements.
“Once you get [RBAC] set up, you have changes,” says Craig Shumard, CISO at Cigna. “Changes to roles, changes to people in roles, changes to role owners, changes to applications in roles, and the maintenance of that activity is fairly daunting to say the least.”
For Cigna, maintenance included 1,700 roles and about 1,700 subroles, a load Shumard calls “pretty significant.”
Shumard said Cigna set up its RBAC infrastructure with the hope that the monitoring and management tools would quickly come along, but that did not happen to his satisfaction until now.
The company is working through its internal certification process on the Aveksa software, a process that will take a few months. Once completed, Shumard plans to have his 300 applications supported on Aveksa and his 1,700 roles reduced to a manageable number within a few months.
Rss FeedRss Feed
IBM spent all that money on a mass rollout of PGP Whole Disk Encryption, just when its discovered that...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Comment