Entitlement management: Access control on steroids

Entitlement management tools bring fine-grained access control to another level
By Denise Dubie, Network World, 12/03/2007

Faced with looming regulations such as the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act, Craig Shumard, chief information security officer for healthcare provider Cigna, knew he needed better tools for role-based access control.

"In the past many employees would just dole out access rights based on a peer's profile, but it is not efficient nor is it prudent from a security and regulations standpoint to give employees more access than they need to applications and data," Shumard says. "We only want to dole out the minimum access employees need to do their job effectively and only for as long as they need to do that job."

When his search began more than five years ago, nobody was offering what he needed. The limitation of his prior role-based access control tool was that it was "only as good as the day you do it because people are constantly moving, companies are realigning and functions are changing," he explains. Role-based access control was fundamental to his company's business processes, but the system he had "was a massive process with a lot of moving pieces that became a struggle to maintain."


Today, Shumard uses software from Aveksa to automate fine-grained authorization that involves 1,800 multi-layered roles and 2,400 sub-roles. The tool makes it possible for staff to stay on top of doling out, updating and pulling back roles and access rights to employees, he says.

"Fine-grained authorization and entitlement management allows you to externalize security from the applications and helps drive out complexity and improve policy-based management. It is not a trivial thing," Shumard says.

For example, when a new employee comes on board, Aveksa integrates with Cigna's human resources database to automatically provision pre-defined roles, and it de-provisions those same users if their jobs change or they leave the company. The Aveksa workflow tool is used by the security team to pull together role owners, application stewards and managers to keep roles up to date and systems secure from unauthorized access, he says.
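The HR-driven provisioning and de-provisioning described above, sketched as an added example; it is not Aveksa's or Cigna's code, and the role names, HR feed, grants and reason labels are all constructed for illustration. It treats the HR record as the system of record and computes which entitlements to grant and which to pull back, including leftovers after a job change and lapsed temporary access.

```python
from datetime import date

# Constructed role catalogue: role -> set of (application, permission).
ROLES = {
    "claims_processor": {("claims_app", "read"), ("claims_app", "update")},
    "customer_service_rep": {("crm", "read"), ("claims_app", "read")},
}
# Constructed HR feed, treated as the system of record.
HR_FEED = {
    "asmith": {"status": "active", "role": "claims_processor"},
    "bjones": {"status": "active", "role": "customer_service_rep"},
    "cwu": {"status": "terminated", "role": "claims_processor"},
}
# Constructed current grants: user -> {entitlement: expiry date, or None}.
GRANTS = {
    "asmith": {("claims_app", "read"): None},
    "bjones": {("claims_app", "read"): None,
               ("claims_app", "update"): None,            # left over from old job
               ("billing", "read"): date(2007, 11, 30)},  # temporary exception
    "cwu": {("claims_app", "read"): None},
    "dlee": {("crm", "read"): None},                       # no HR record at all
}

def reconcile(hr, roles, grants, today):
    """Return (to_grant, to_revoke) so access matches the HR-derived role."""
    to_grant, to_revoke = [], []
    for user in sorted(set(hr) | set(grants)):
        rec = hr.get(user)
        active = rec is not None and rec["status"] == "active"
        # Inactive users and unknown roles map to no access (fail closed).
        entitled = roles.get(rec["role"], set()) if active else set()
        held = grants.get(user, {})
        for ent in sorted(held):
            if ent in entitled:
                continue
            expiry = held[ent]
            if rec is None:
                reason = "orphan"
            elif not active:
                reason = "leaver"
            elif expiry is None:
                reason = "excess"
            elif expiry < today:
                reason = "expired"
            else:
                continue  # unexpired time-bound exception stays in place
            to_revoke.append((user, ent[0], ent[1], reason))
        for ent in sorted(entitled - set(held)):
            to_grant.append((user, ent[0], ent[1]))
    return to_grant, to_revoke
```

Calling `reconcile(HR_FEED, ROLES, GRANTS, date(2007, 12, 3))` returns the two change lists; each revoke carries a reason so a role owner can review it before it is applied.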

The software runs on a Linux operating system and Oracle database, and is also available as an appliance. Pricing for Aveksa 3 Enterprise Access Governance Suite starts around $140,000 for 1,000 users and 25 applications. Aveksa also features a Web-based interface that IT security staff can use and that business managers can tap into to create and review roles. "What a customer service representative does today can change by tomorrow so we had to expand how we defined roles and automate the process of keeping them up to date," Shumard says.
