Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, September 3, 2007

On the Role of “Role Mining” in Enterprises

I believe that “Role Mining” is relevant, and will become more and more so, in enterprises and complex organisations. Too many changes happen nowadays in enterprises (changes in org charts, mergers & acquisitions, business-focus changes, increased outsourcing of activities and temporary labour force, etc.). How can we ensure that the right people/groups have the necessary access rights in a context that is constantly changing?

Good practices and processes, auditing and compliance checking are ways to achieve for … However, “Role Mining” solutions can provide additional help, from an operational perspective, to identify “organisational roles” that reflect the current security and access control permissions associated with employees. The analysis of the outcome of a “role mining” activity can sometimes hold surprises …

“Role Mining”, at its very core, is about identifying and extracting meaningful “roles” in an enterprise from “raw data” (e.g. access control rights, ACLs, etc.) by using different techniques (e.g. data mining, clustering, etc.). A related, interesting paper on Role Mining can be found here.

Solutions are already available on the market; however, I believe this is still a green field, open to innovation – in particular if we consider this in the overall context of Enterprise Identity Management (by including provisioning, access control policy setting and compliance management).

After all, the effectiveness of “Role Mining” solutions and related techniques can be measured by their capability to extract a meaningful set of roles from a business perspective (i.e. meaningful to and comparable with an enterprise organisation) rather than purely from a technical perspective (i.e. a list of “labels” identifying abstract roles), and to help administrators spot potential anomalies and suggest remediation steps – integrated with state-of-the-art identity management solutions.
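To make the idea of extracting roles from raw access data and spotting anomalies concrete, here is an added example (not part of the original post and not taken from any product). It assumes a constructed user-to-permission map, uses exact-match grouping as a simple stand-in for the clustering techniques mentioned above, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: user -> permissions as they might be read from ACLs.
ACCESS = {
    "alice": {"crm:read", "crm:write", "mail"},
    "bob":   {"crm:read", "crm:write", "mail"},
    "carol": {"crm:read", "crm:write", "mail", "payroll:write"},
    "dave":  {"payroll:read", "payroll:write", "mail"},
    "erin":  {"payroll:read", "payroll:write", "mail"},
    "frank": {"payroll:read", "payroll:write", "mail"},
}

def mine_roles(access, min_users=2):
    """Candidate roles: permission sets held identically by >= min_users users."""
    groups = defaultdict(set)
    for user, perms in access.items():
        groups[frozenset(perms)].add(user)
    return {p: u for p, u in groups.items() if len(u) >= min_users}

def jaccard(a, b):
    """Set similarity: shared permissions over all permissions in either set."""
    return len(a & b) / len(a | b)

def find_anomalies(access, roles, threshold=0.6):
    """Users matching no role exactly: report the nearest role and the delta."""
    covered = set().union(*roles.values())
    findings = []
    for user in sorted(access):
        if user in covered:
            continue
        perms = access[user]
        best = max(roles, key=lambda r: jaccard(perms, r), default=None)
        if best is not None and jaccard(perms, best) >= threshold:
            findings.append({
                "user": user,
                "nearest_role": best,
                "extra": perms - best,    # candidates for revocation review
                "missing": best - perms,  # candidates for provisioning review
            })
    return findings

if __name__ == "__main__":
    roles = mine_roles(ACCESS)
    for perms, users in roles.items():
        print(sorted(users), "->", sorted(perms))
    for finding in find_anomalies(ACCESS, roles):
        print("review:", finding["user"], "extra:", sorted(finding["extra"]))
```

The mined permission sets are only technical “labels”; mapping them to business roles (for example by comparing each group with the org chart) is the step the post argues matters most.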
