06/25/07
Dr. Ron Rymon
Privileges management productivity. In the context of a growing number of computer systems and applications, this has been the original driver for the development of automated provisioning systems.
Security. In the same context, one finds that many privileges are wrong, often because they were difficult to grant and, more importantly, difficult to take away when a user changed one or more of their roles in the organization.
Compliance with regulations. This has become the biggest driver for implementing IdM systems NOW. New regulations, especially Sarbanes-Oxley (SOX), demand that organizations instill effective controls on their IT systems. IdM systems offer a good and long-lasting solution.
Early IdM systems simply automated the existing set of privileges, offering a centralized view of privileges across different systems and a theoretical way to automate the processes of granting and revoking privileges.
However, without a robust privileges MODEL, it became clear that these systems cannot scale and do not provide the expected ROI or security gains. At Eurekify, we developed the first software that provides for:
Construction of a role-based privileges model. Also known as role engineering, this has been a major obstacle to the deployment of role-based provisioning systems. We have solved this problem by applying pattern recognition technology to reverse engineer the existing privileges.
Deployment of this privileges model in a provisioning system of choice. Sage role-based models can be deployed in virtually any IdM/provisioning system, including those offered by the major vendors, but also homegrown systems.
Adaptation of this privileges model to changes in the business that affect users' roles, e.g., merger and split of responsibilities, again utilizing our pattern recognition technology.
Our Sage DNA software was then extended to leverage this role-based privileges model to automate compliance verification at the level at which it was intended to be done, i.e., at the business roles level, rather than at the tactical IT privileges level.
Role-based and Pattern-based Privileges Auditing. This includes reviewing the privileges and role definitions to identify out-of-pattern privileges, duplicate and overlapping role definitions, etc.
Compliance with policies and regulations. This includes a rule and constraints engine on top of the role definitions and the raw privileges. This engine reviews the existing privileges vis-a-vis segregation of duty rules and other business process rules and constraints.
Ongoing Role Management and Reporting. Sage's web-based Reporting Server provides reports for the ongoing administration of role definitions, for role engineering, and for IT, Security, and Compliance executives.
This site was last updated 11/10/05