Information Security Magazine


Role-based access controls
by Shon Harris
Issue: May 2007

Implementing and managing access control can be a nightmare, especially in extended enterprises encompassing partners, suppliers, contractors and remote users. Regulatory requirements and fear of being the next data breach headline increase the pressure.

The challenge is as complex as it gets. What permissions does each user actually need? How do you keep track of authorized and unauthorized access? How do you enforce access policies across heterogeneous systems and applications? And how do you make sure that provisioning procedures are administered uniformly across the enterprise?

Trying to keep up manually is inefficient, costly and error-prone. Too much access leaves you open to insider abuse, as well as to hackers who have their pick of unused or poorly managed accounts with direct access to company assets. And your auditors probably won't like what they see.

But identity management products, designed to unify and automate this complex task, do not roll out easily or cheaply. They must somehow integrate the diverse components that make up an enterprise's often heterogeneous identity and access management (IAM) environment. "Identity management" is a somewhat loaded term that covers a smorgasbord of components, including authoritative sources, identity repositories, virtual or meta-directories, database integration components, access control policy enforcers and more.

Almost everyone acknowledges that a finely developed role-based access control (RBAC) structure should be one of the first steps in architecting an enterprise access control infrastructure encompassing identification, authentication, authorization and auditing. RBAC simplifies the identification piece, which feeds into the authentication process.

However, real-world implementations are hamstrung by an often poor understanding of what RBAC is, and a lack of standardization that spawns proprietary solutions that are costly and difficult to integrate, maintain and scale.

We'll talk about these issues and examine the standards that are being developed to overcome them.
