Friday, December 26, 2008
Thoughts on Entitlements Management
We know that Bob Blakely and Gerry Gebel of the Burton Group has provided extensive coverage on entitlements management in terms of interoperability, but the conversation needs to go a lot deeper...
We know that vendors such as Securent, Jericho Systems, Oracle and others can provide deep value in terms of technology around entitlement's management but product implementation isn't the entire story. Reality uncovers a simple fact that entitlements management is not sustainable without having a cohesive view as provided by business architecture. If you don't know what your business really looks like from a normalized perspective, then how can you sustain entitlements?
The vast majority of enterprises that have purchased entitlements management products have not even implemented all the necessary business processes. In my presentations at industry conferences, I have always said that identity management is a decent approach to problems in the enterprise, but doesn't get at the complete problem-space needed to increase efficiency related to employee onboarding and reduction in force.
Consider the fact that I am an employee of a Fortune enterprise and all my coworkers know this fact as well. My boss hasn't fired me yet so my identity regardless of how it is sprayed through hundreds of enterprise applications isn't that big of a problem. Now, if you were to ask my boss, what does James McGovern have access to, he would tell you, he has no freakin clue but as soon as you know, please let him know. The funny thing is that I some responsibility for security and even I don't always know what I have access to.
Within large enterprises, the practice of annual reorganizations where folks change roles is a growing trend. On each event a person may gain some rights and lose some rights, or at least that is how it should work. Reality says that over time, most folks are gaining more rights without necessarily losing any. As a person changes role, their identity or even the applications they touch may not change, but identity management runs out of steam when it comes to finer-grained access which is vital to not allowing for entitlements creep.
I wonder if the likes of Josh Bregman, Mark Wilcox, Pat Patterson, Mark Dixon, Nishant Kaushik, Rajiv Gupta or others would be willing to blog on the business aspects of entitlements management...
| | View blog reactionsWe know that vendors such as Securent, Jericho Systems, Oracle and others can provide deep value in terms of technology around entitlement's management but product implementation isn't the entire story. Reality uncovers a simple fact that entitlements management is not sustainable without having a cohesive view as provided by business architecture. If you don't know what your business really looks like from a normalized perspective, then how can you sustain entitlements?
The vast majority of enterprises that have purchased entitlements management products have not even implemented all the necessary business processes. In my presentations at industry conferences, I have always said that identity management is a decent approach to problems in the enterprise, but doesn't get at the complete problem-space needed to increase efficiency related to employee onboarding and reduction in force.
Consider the fact that I am an employee of a Fortune enterprise and all my coworkers know this fact as well. My boss hasn't fired me yet so my identity regardless of how it is sprayed through hundreds of enterprise applications isn't that big of a problem. Now, if you were to ask my boss, what does James McGovern have access to, he would tell you, he has no freakin clue but as soon as you know, please let him know. The funny thing is that I some responsibility for security and even I don't always know what I have access to.
Within large enterprises, the practice of annual reorganizations where folks change roles is a growing trend. On each event a person may gain some rights and lose some rights, or at least that is how it should work. Reality says that over time, most folks are gaining more rights without necessarily losing any. As a person changes role, their identity or even the applications they touch may not change, but identity management runs out of steam when it comes to finer-grained access which is vital to not allowing for entitlements creep.
I wonder if the likes of Josh Bregman, Mark Wilcox, Pat Patterson, Mark Dixon, Nishant Kaushik, Rajiv Gupta or others would be willing to blog on the business aspects of entitlements management...