A three-part series examining the intricacies of integrating Role Based Access Control into a group environment.
In this first part of our three-part series we begin to describe the process of integrating Role Based Access Control (RBAC) into a group-based environment. This first installment gives a high-level overview of the groundwork needed to prepare the stakeholders: examining the need, evaluating the current access landscape, and preparing for the organization-wide change that comes with the territory.
Role Based Access Control is a methodical approach to provisioning in which permissions are attached to roles and users are assigned to roles, so a user's access follows from their role assignments rather than from per-user grants. This contrasts with a rule-based approach, where access is decided by evaluating conditions at request time, and with a discretionary approach, where each resource owner hands out access individually. Roles simplify access management for employees, contractors, and external users by encoding the business policies and rules needed to grant appropriate access.
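To make the model concrete, here is a small RBAC evaluator added as an illustration; it is not code from the original article or from Idenhaus. The role names, permissions, users and the separation-of-duties rule are constructed sample data. It shows the three things the definition above relies on: permissions hang off roles, a role hierarchy lets a senior role inherit a junior role's permissions, and a job change is handled by swapping one role assignment rather than editing every per-resource grant.

```python
"""Minimal RBAC evaluator with a role hierarchy and separation-of-duties checks.

Constructed example, not the article's own code. Role names, permissions and
users are hypothetical sample data.
"""

# Permissions are attached to roles, never directly to users.
ROLE_PERMISSIONS = {
    "employee": {"intranet:read", "timesheet:write"},
    "hr_analyst": {"hr_records:read"},
    "hr_manager": {"hr_records:write"},
    "payroll_approver": {"payroll:approve"},
}

# Role hierarchy: a role inherits every permission of its parent roles.
ROLE_PARENTS = {
    "hr_analyst": {"employee"},
    "hr_manager": {"hr_analyst"},
    "payroll_approver": {"employee"},
}

# Static separation of duties: no user may hold both roles in a pair,
# whether assigned directly or reached through inheritance.
SOD_CONFLICTS = [frozenset({"hr_manager", "payroll_approver"})]


def effective_roles(role):
    """Return the role plus every ancestor reachable through ROLE_PARENTS."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        stack.extend(ROLE_PARENTS.get(current, ()))
    return seen


class RBAC:
    def __init__(self):
        self.user_roles = {}  # user -> set of directly assigned roles

    def assign(self, user, role):
        """Grant a role, refusing any assignment that would breach SoD."""
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role: {role}")
        held = self.user_roles.get(user, set())
        proposed = set()
        for r in held | {role}:
            proposed |= effective_roles(r)
        for pair in SOD_CONFLICTS:
            if pair <= proposed:
                raise PermissionError(
                    f"{user}: assigning {role} violates separation of duties {sorted(pair)}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def transfer(self, user, old_role, new_role):
        """Model a job change: one role swap replaces editing many per-resource ACLs."""
        self.revoke(user, old_role)
        try:
            self.assign(user, new_role)
        except PermissionError:
            self.user_roles.setdefault(user, set()).add(old_role)  # roll back
            raise

    def permissions(self, user):
        """Effective permissions: union over all held roles and their ancestors."""
        perms = set()
        for r in self.user_roles.get(user, ()):
            for ancestor in effective_roles(r):
                perms |= ROLE_PERMISSIONS[ancestor]
        return perms

    def check(self, user, permission):
        return permission in self.permissions(user)


if __name__ == "__main__":
    rbac = RBAC()
    rbac.assign("alice", "hr_manager")
    print(sorted(rbac.permissions("alice")))
    try:
        rbac.assign("alice", "payroll_approver")
    except PermissionError as exc:
        print("blocked:", exc)
    rbac.transfer("alice", "hr_manager", "payroll_approver")
    print(sorted(rbac.permissions("alice")))
```

The separation-of-duties check is evaluated over the effective role set, not just the directly assigned roles, so a conflict cannot be smuggled in through the hierarchy. In a real deployment the role tables would come from the identity system rather than module constants, but the evaluation logic is the same.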
To successfully integrate RBAC into your security infrastructure, you will need to educate and win over key stakeholders in your organization. Here are a few tips to get you started.
Know Your Network First
It’s vital to get a general understanding of your organization’s identity and access control operations in order to effectively integrate Role Based Access Control. During this process, you will:
- Review the existing identity and access management systems
- Determine whether the current access control operations work efficiently or are broken
- Document the current approval process for new users
- Assess whether the organization has strong security policies and how they are enforced
- Identify where RBAC can best be leveraged in your technology infrastructure
Defining the Business Case is Critical
Defining the business case for leveraging Role Based Access Control is key to educating and engaging stakeholders. To do this successfully, you must:
- Prioritize the business objectives
- Define the project charter
These business drivers are often unique to each organization. They can be a mix of improving security, driving provisioning efficiencies such as reducing employee downtime through better automation, and reducing the overhead associated with compliance controls like HIPAA, GLBA, SOX, and FISMA.
Lessons We’ve Learned Integrating RBAC
- Be flexible – RBAC must support organization change
- Anticipate political issues and plan ahead
- With ownership comes responsibility
As with any effort, it is most important to understand why. What drives the effort? And as with any substantial capital investment, internal alignment is a critical component to the success of the integration. Don’t make the mistake of choosing a technology and beginning implementation without understanding how it affects your business strategy and your security environment.
Stay tuned for our next two installments on RBAC, which will offer high-level descriptions of the requirements needed for collaborative participation to gather information needed for design and implementation.
To learn more about how to get started with Role Based Access Control, check out these resources:
- Part 1: Defining Roles for IAM – Begin at the Top!
- Part 2: Defining Roles for IAM – From the Bottom Up
Follow @Idenhaus and connect with Hanno on LinkedIn.