- Is the Cisco MARS mission going to abort?
- First iPhone worm spreads Rick Astley wallpaper
- 10 stunning 3D buildings made with Google SketchUp
- Open source software ready for big business
- Four reasons to buy (and one reason to avoid) the Droid
Start-up Aveksa on Monday added user role management to its lineup of access-control tools and said that healthcare giant Cigna is rolling out the software across its domestic operations.
Cigna plans to support 27,000 users and 300 applications, and in the process clean up and modernize its role-based access infrastructure, which it began building nearly five years ago.
Roles are predetermined sets of access privileges that can be associated with a group of users on a network. Users are assigned to roles and inherit the access privileges of those roles. The National Institute of Standards and Technology (NIST) first developed the model, called Roles Based Access Control (RBAC), more than a decade ago.
Now, Aveksa is stepping up to provide management tools as part of its Aveksa 3 Enterprise Access Governance Suite, which includes the new Role Manager and the company’s current tool, Compliance Manager, which lets users monitor access rights, track privilege changes and ensure compliance.
Role Manager lets users monitor, report, certify and repair user privileges; discover and manage roles; and view the state of all user access rights from a centralized Web-based console.
Experts say while defining and creating roles can be a difficult task, the change management, auditing and maintenance of the infrastructure is just as daunting.
Cigna officials found that out as they worked with a manual system of Excel spreadsheet and a home-grown workflow engine and data repository called the Systems Connection Request to manage their RBAC infrastructure targeted in large part at meeting HIPAA and Sarbanes-Oxley requirements.
“Once you get [RBAC] set up, you have changes,” says Craig Shumard, CISO at Cigna. “Changes to roles, changes to people in roles, changes to role owners, changes to applications in roles, and the maintenance of that activity is fairly daunting to say the least.”
For Cigna, maintenance included 1,700 roles and about 1,700 subroles, a load Shumard calls “pretty significant.”
Shumard said Cigna set up its RBAC infrastructure with the hope that the monitoring and management tools would quickly come along, but that did not happen to his satisfaction until now.
The company is working through its internal certification process on the Aveksa software, a process that will take a few months. Once completed, Shumard plans to have his 300 applications supported on Aveksa and his 1,700 roles reduced to a manageable number within a few months.
Eventually, he hopes to replace the Systems Connection Request engine, which is used to initiate provisioning jobs, with the Aveksa platform.
The Aveksa workflow tool initially will be used to pull together role owners, application stewards and managers to make sure “we have the right people in the right applications in the right places,” Shumard says. “We can then start to send automated requests to role owners so every six months they can certify what applications are in each role so they are fresh and current, and we also can go to managers so they can certify that their employees are in the proper roles as well.”
Rss FeedRss Feed
The Leader in Network Knowledge
Comment