How to develop an entitlement management strategy

Tips to help IT and security managers put entitlement management policies, processes and systems in place.

Entitlement management technologies can protect networks from internal threats, automate the process of keeping roles and access rights up to date, and reduce headaches related to regulatory compliance. It all depends on an organization’s needs.

IT managers facing compliance deadlines might appreciate the separation of duties features and audit trail data provided with entitlement management products from Jericho Systems, Oracle and Securent.

Security managers might embrace the fine-grained authorization policies that companies such as Aveksa automate for customers.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Entitlement management technologies can protect networks from internal threats, automate the process of keeping roles and access rights up to date, and reduce headaches related to regulatory compliance. It all depends on an organization’s needs.

IT managers facing compliance deadlines might appreciate the separation of duties features and audit trail data provided with entitlement management products from Jericho Systems, Oracle and Securent.

Security managers might embrace the fine-grained authorization policies that companies such as Aveksa automate for customers.

And companies looking to better protect intellectual property and customer privacy might decide to put entitlement management in place to lock down systems from widespread or unauthorized access.

Here are a few steps IT and security managers should take when determining how to fit entitlement management technologies into their organizations.

1. Create and define roles

Entitlement management technologies work with established roles to start, but can be used to analyze whether defined roles are appropriate or need to be redefined. While the software products will initially tap into existing identity management systems and access rights repositories, entitlement management tools can help update existing privileges to better suit the environment and changing business demands.

"There is a realization that the current approach to access governance isn’t working, because it is too manual and fragmented," says Deepak Taneja, CEO of Aveksa. "Entitlement management allows for the review of access policies to determine if established roles need to be updated and if the privileges are appropriate given the current state of the environment."

2. Establish team of business and security managers

Craig Shumard, CISO at healthcare provider Cigna, advises those considering an entitlement management project to dedicate a team consisting of IT and business managers. He says the collaboration will help ensure the roles are defined with the business in mind.

"You have no idea how many rocks you are going to have to look under when you start defining roles and sub-roles. Involvement from the business is critical in creating roles," Shumard says.

Mark Diodati, an analyst at Burton Group, told attendees at the research firm's Catalyst conference that working with the business to establish entitlement management is critical to establish "complex policies created from a business objects perspective."