Role Based Access Control (RBAC) and Systems Thinking

Share on linkedin
Share on twitter
Share on facebook

Role-based-access-control-rbac-_-idenhaus

As organizations grow, they become more complex and difficult to understand. One of the major breakthroughs in understanding this complexity is systems theory, which analyzes systems at the macro level (from the perspective of the whole system), its various components and the recurring patterns in the relationships between those components. One of the key tools of systems analysis is systems thinking, which evaluates organizational systems from a broad perspective that includes seeing overall structures, patterns, and cycles in systems, rather than seeing only specific events. Taking such a broad view can help quickly identify the real causes of issues in organizations and reveal the best solutions to address them.

As organizations mature in scale and complexity, so too does managing the complexity of user access and the corresponding risk governance issues. With this in mind, Role Based Access Control (RBAC) provides a framework to help manage user access in the context of a rapidly changing and more complex risk profile. By focusing on the entire system, RBAC offers a solution that addresses a range of user access problems from initial provisioning (joiners), least privileges (movers), to revocation of access (leavers).

If we think in terms of the user lifecycle, most organizations struggle to get their users provisioned into the core applications they need for their job function. On the day they start, these workers often have basic network access, email, and little else. This birthright provisioning is a start but falls way short of delivering productive access to users when they are getting started. Worse yet, many organizations rely on a ticketing system to request and then manually fulfill access requests, which creates long delays and lost productivity.

RBAC offers a better alternative and begins with identifying the set of core applications that correspond with a particular job function. For example, what are the applications that all workers in the Accountant I job function need? Once we know the answer to that question, we can build a Role that grants access to these applications and implement rules to assign workers to the proper roles on their first day of work. For the new hire, they will not only have birthright access, but they will also have access to the core applications required for their job function.

Successful RBAC implementation requires a variety of principles and tools to analyze access, identify patterns, and change the processes and systems to automate the assignment of core user privileges. The positive effect of the RBAC framework is that it offers systematic improvement across the organization that is focused on the desired objectives: stronger security and a better end user experience.

Do you know what areas organizations should focus on to have a successful Role Based Access Control (RBAC) implementation?

In next week’s webinar Identity Management: Role Based Access Control (RBAC) Best Practices, we’ll share how successful organizations overcome common challenges and we’ll provide specific recommendations around governance, process ownership, and data quality.

Click here to reserve your spot. If you are unable to attend the session, you can listen to the recording which will be emailed to everyone who registered after the event has finished.

Please feel free to share this webinar with any colleagues who may be interested!

best practices role based access control

 

 

Follow @Idenhaus on Twitter and subscribe to our biweekly newsletter.


By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us

Share on twitter
Share on linkedin
Share on facebook
Share on pocket
Share on email

Leave a Comment

Your email address will not be published. Required fields are marked *