Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Is Vaau a wow?

A closer look at Vaau role management, mining company
Security: Identity Management Alert By Dave Kearns , Network World , 08/06/2007
Kearns
Sign up for this newsletter now!

Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.

  • Share/Email
  • Comment
  • Print

When it comes to discussing roles, role management, role mining and role-based access control (RBAC) I do tend to start with Bridgestream and Eurikify. They represent two different approaches to defining roles and so eminently qualify as examples. But there are other companies in the space, and I want to talk about one of them today - Vaau.

Vaau isn’t a complete stranger to this newsletter, having been mentioned twice. Once after this year’s Catalyst conference and once after last year’s conference, when I listed it last in a string of role-related vendors. You might expect that it would be chiding me over this, but the ever so polite EMEA Director of Operations, Mel Holloway, wrote in an e-mail: “Please excuse this approach I am not a spammer, I am a fan (that’s stalker talk!!!).” He did catch my attention and reminded me to take a closer look at Vaau.

Vaau’s RBACx is based, says the company, on “role engineering.” This role and rule engineering engine is used for role mining, rule mining, identity correlation, and access clustering. RBACx also uses advanced data mining algorithms to identify user access correlations across key applications, and uses that information to develop and suggest application and enterprise level roles and rules.

Vaau’s approach is to define multiple processes for roles:

* Role mining engine: A hybrid approach to role engineering, looking at a combination of organizational characteristics, user attributes and characteristics and user’s current accounts and entitlements.

* Rule definition: Ability to generate rules from the role mining engine, assigned when new users are created or when accounts and entitlements are imported into RBACx.

* Roles based on template users: Once the accounts and entitlements of user are imported into RBACx, new roles can be created based on the existing access of some template users.

* Import of existing roles from an authoritative source: RBACx has the ability to import roles from any authoritative source, like ERP, mainframe or an existing identity management system. Once imported, the content of these roles can be refined to obtain enterprise roles.

* Role vs. actual analysis: After the roles are defined in RBACx an analysis can run and RBACx can search for exceptions where user’s actual access does not match his/her role based access. This can be used to refine the role content prior to pushing the roles to the provisioning solution.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed