Role Lifecycle Management

A role is a representation of a set of access rights to resources/data that corresponds to a business function. Roles are desirable to organizations wishing to deploy user provisioning or measure access compliance because of their potential to simplify security policy administration and enforcement. However, role creation and application is often a complex task. The first major user provisioning vendor to integrate role management, Courion’s role management solutions simplify the process of creating and managing roles over their full lifecycle while also providing analysis tools to optimize their use and effectiveness for policy and segregation of duty enforcement.

Courion’s role management solutions will:

• Ease the process of creating roles and analyze how they are used
• Simplify security policy administration and enforcement
• Assess the impact of roles against security policy and segregation of duty conflicts.

Access Control and Role Management

RoleCourier®, Courion's role management software solution, automates the process of role management through creating and managing enterprise roles. RoleCourier enables organizations to automate the often manual, cumbersome, and inefficient process of role creation and ongoing access control management. Unlike third party role creation tools with limited capabilities that lack true, real-time integration with the user provisioning process, RoleCourier creates a foundation for robust ongoing access control and role lifecycle management that flexibly adapts to the constant stream of access control changes in today’s business environment.

Audit Compliance Software

ComplianceCourier, Courion's user access attestation and compliance software solution, enables business managers to periodically review and verify employee access rights. Increased compliance requirements across almost all industries have tangible top and bottom-line implications on your business. Achieving compliance can increase your cost of operations due to heightened security and manual compliance procedures. ComplianceCourier access, audit and policy compliance software can help by automating user resource analysis management as well as tying critical application access to passing policy awareness tests as ways to proactively meet regulatory compliance requirements while simultaneously reducing operational costs.

Compliance with Segregation of Duties

An important aspect of role management for compliance purposes is to perform checks for segregation of duties violations. Checking segregation of duties is particularly critical in compliance environments where users perform multiple roles, and where assignments of users to roles change on a frequent basis. To address this need, RoleCourier software provides the ability to perform “what if” role modeling. This process examines a set of specified roles against the access control security policy to see if the superset of access rights across all the roles would compromise compliance with segregation of duties policies. A similar process is used to detect attribute-level conflicts across multiple roles.

Managing Role Lifecycles

In addition to role creation and SoD checking, enterprises deploying roles need lifecycle management capabilities to keep up with changes that occur over time. This includes the ability to modify or delete attributes associated with roles, to enable or disable roles, and track the history of changes associated with roles. Role history analysis is a particularly important capability for compliance analysis and reporting.

Another key role management capability is role comparison and consolidation. This enables organizations to iteratively examine their role definitions and determine opportunities for merging similar roles, thereby simplifying management and administration of security policy.

Integrated Role Management and Provisioning

Without a centralized view of users and their access rights, role definition is often a difficult process. In recognition of this, AccountCourier integrates with the RoleCourier™ role management solution to automate role creation, provide access control and role lifecycle management, and assign users to one or more roles as part of the provisioning process. However, for organizations that are not yet ready to define a role infrastructure, the flexibility of the Courion approach allows provisioning to be deployed without roles.

All of Courion's enterprise provisioning solutions leverage a common technology platform − Courion's Enterprise Provisioning Platform − which provides common services and connectors to customers' existing IT environment. This component - based approach is superior to competitive solutions because it allows Courion solutions to quickly integrate with and leverage a customer's existing directories, databases and help desk systems. It also permits customers to choose which applications they want to implement first, without having to implement a "heavy" infrastructure. This architecture enables customers to easily add new managed systems and new technologies as their business needs change, and as they acquire additional organizations or bring in new applications. Our component- based model also assists Courion in delivering additional capabilities quickly and efficiently − including new features and expanded platform coverage.

Back To top