        |
|
As the demand for user access to information resources continues to increase, IT organizations are struggling to keep pace with the number of requests being made for initial access or changes to existing access. The processes and policy enforcement mechanisms used by most IT organizations to manage the access request and fulfillment process are typically insufficient to meet the needs of the business.
IT organizations have attempted to use a variety of approaches to deal with the complexity of managing and controlling access change across hundreds to thousands of information resources. Most have been manual approaches, such as e-mail and phone requests, which are fraught with inconsistency, very costly and error prone. Making matters worse, policy and governance requirements are not very well understood by the IT organization and are often applied in an ad hoc fashion, resulting in audit findings, compliance violations or access related business risks. Some organizations have tried to improve on manual processes to automate access delivery and governance. Such approaches include attempts to use technologies such as user provisioning or IT service management (e.g. helpdesk) for automation. These approaches, while providing some degree of increased efficiency, did not effectively work for business users.
To ensure that access governance does not become a barrier to organizational success, a new approach is required. Organizations need a solution that orchestrates and manages the processes for access request, approval, fulfillment and remediation across all information resources in the enterprise, while dynamically checking for policy violations against requested access, validating access change and providing a complete audit trail for all activities.
The most important requirement is to have a simple, streamlined and business-centric process for requesting access. Most IT security technologies were never designed to be used by business users, so they lack the context, relevancy and user-friendliness to be effective. A business role-based approach for requesting access expresses access information in terms that the business will understand, ensures that access presented in the selection process is relevant to the requestor, and is able to synchronize with the technical representation of access that the IT organization needs to use for request fulfillment. Additionally the business role approach for requesting access presents only access information that is relevant to a specific person’s functional role, department or business unit.
Configurable process workflow is essential for orchestrating all steps that are required in the access request and delivery process, as is open integration with existing access fulfillment mechanisms such as IT helpdesks and user provisioning systems. Access policy rules are dynamically checked during the request process which ensures that a request doesn’t violate any policies.Support for event driven Joiner-Mover-Leaver Controls provides a continuous access change management framework that enables preventative access control and risk management. An automated closed-loop validation process ensures that access change events were affected in target information resources.
Administrative measurement of every step in the access request and fulfillment process enables the IT organizations to pinpoint bottlenecks in access delivery and provides the decision support needed to optimize the entire process.
By automating access request and change management, Aveksa Access Request and Change Manager delivers the following measurable business benefits:
• Streamlined delivery of access to the organization
• Increased IT operational efficiency
• Reduced IT security administration complexity & cost
• Ownership & accountability for governing user access driven into the business
• Business assurance for access compliance and risk management
Through a self-service approach for access request, businesses can become more autonomous and agile. As a result, IT operations and security will no longer be the access bottleneck, so the business will operate more efficiently and the IT organization will be able to respond more quickly to changing operational environment.
Aveksa Access Request and Change Manager streamlines the access delivery process and drives accountability for access management through the entire enterprise by providing an automated, end-to-end, business-friendly solution for requesting or changing user access.