| Role Engineering & Management |
 |
 |
 |
|
One of the most challenging problems in managing growing enterprises is the complexity of security administration. Role based access control (RBAC) has become the predominant model for advanced access control because it reduces the complexity and cost of security administration. Most technology vendors are now incorporating some flavor of RBAC into their product line and the technology is finding applications in areas ranging from healthcare to defense, in addition to the mainstream commerce systems for which it was designed. Insolutions specializes in advanced access control architectures and utilizes a roles and policy-based approach to role engineering in order to define, deploy and manage effective role based access control solutions. Role Based Access Control (RBAC) is emerging as an alternative to traditional access control methodologies as it established a framework to facilitate management of users and information assets across an enterprise in a controlled and effective manner. The concept of Role Based Access Control (RBAC) is built upon the premise that access to an organization’s data resources should be controlled and managed using a set of predefined roles, dynamic rules and approved policies relevant to the organization's needs. . Incorporating an RBAC framework is advantageous because it provides a consistent approach to managing user access to critical resources, resulting in operational efficiencies and inherently strong security controls that can assist with the challenges associated with corporate compliance. Although the advantages of adopting the framework are clear, the process an organization follow to transform from a traditional access control methodology to an RBAC model can be quite complex. The biggest obstacle to implementing an RBAC model is the general absence of a proven methodology that organizations can follow that will produce the desired results without disrupting existing critical business processes. Traditional role mining and identity auditing techniques have proven to be only partially effective in building a true role based access control infrastructure that will meet today’s stringent regulatory requirements. inSolutions provides a complete methodology and approach for defining roles based on different access levels on different platforms. Roles and rules can be defined based on collected user entitlements or can be generated from various role mining activities designed from both top-down and bottom-up perspectives. inSolutions role mining capabilities leverage both proprietary and off-the-shelf tools that utilize sophisticated algorithms to generate roles based on user entitlements. Our process and approach to role engineering can easily reduce role definition time by up to 50%. |