        |
|
Many corporate IT security professionals still regard roles-based access and identity management as hopelessly complex. Many have experienced difficulty with the roles concept and written it off as a failure.
But roles are essential for sound access governance, and the right roles-based approach can actually simplify an IT security manager’s job by extending accountability for role lifecycle management to those business managers who are in the best position to understand what access entitlements individual employees and other users should have.
This paper details how establishing and maintaining a good role system requires input from a variety of stakeholders, and how to effectively achieve this collaboration, and describes the best practices for successfully deploying and maintaining a roles management infrastructure that ensures policies are adhered to in a consistent fashion, compliance objectives are being met and risk isn’t being introduced by inappropriate access, and that sustainable compliance is achieved.