User Provisioning
Virtually all modern organizations depend on a variety of computer-based systems to perform vital business functions. Employees (including temps and contractors) and external users (partners, customers, auditors, etc.) need access to these systems, which include operating systems, desktop PCs, servers, mainframes, databases, web sites, and a host of enterprise applications (HR, finance, manufacturing, healthcare, etc.). User provisioning, a core element of Courion's Access Assurance strategy, implements security policy through the process of creating, managing, and removing user accounts and access rights.
Provisioning is the process of:
- Defining policies concerning user access rights to applications and data
- Creating user accounts on various target systems with the appropriate access rights
- Modifying user access rights to accounts over time as required by changing business needs
- Disabling or removing accounts when users are no longer authorized to access them (de-provisioning)
Why User Provisioning?
User provisioning ensures that only the right people have the right access to the right resources, by governing user accounts and access rights to applications and data. De-provisioning disables accounts when users leave the organization, eliminating the potential risk of unauthorized access to sensitive data.
Reduce Costs
User provisioning can be extremely complex and difficult to manage manually, particularly for larger enterprises with multiple systems. When a new employee starts, IT must determine which systems the new hire will need to access and establish the appropriate privileges or access rights for that individual, consistent with enterprise policy. The cost of dedicating resources to provision and de-provision users without automation can run into hundreds of thousands of dollars annually, or more, especially for businesses with high turnover.
Improve Productivity
Manually provisioning new employees can take days in a large, complex organization. In the meantime, the new hire is idle since they don't have access to the systems they require to be productive. System administrators often spend long hours creating, modifying and removing accounts, time that could be better spent on more productive activities.
Enforce Security Policy
The principle of least privilege stipulates that a user be given only the privileges required to perform their function, and no more. Implementing this principle requires understanding job functions and implementing the minimum set of privileges necessary to perform them. Busy IT administrators may not have the time or expertise to ensure that user access rights adhere to this principle, increasing the likelihood that security may be compromised.
Enforcing security policy is particularly important during periods of massive change, such as a merger, acquisition, divestiture, layoff or reorganization. During a merger or acquisition, new employees and systems need to be brought on board with appropriate access rights. Employees who are changing positions may need to be re-provisioned with accounts and access rights that are consistent with their new roles. Handling terminations appropriately is particularly essential. "Zombie" accounts that remain active after the employee has departed represent a potentially serious, and often hidden, security risk for the organization.
Automated provisioning makes it easier to consistently ensure that only authorized users have appropriate access to sensitive data.
Ensure Compliance
Most large organizations must comply with relevant regulations, such as Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley in the US, or the Data Protection Directive and the Data Protection Act 1998 (UK) in Europe. Industry-specific requirements include PCI DSS (payment card industry) and NERC CIP-003 (power utilities). These regulations require organizations to manage access rights in order to protect sensitive information from compromise. Some of these regulations have significant penalties associated with them, including large fines and even criminal prosecution in the event of a breach. Automated, policy-based provisioning helps ensure compliance with vital regulations.
Courion's User Provisioning Solution
AccountCourier®, Courion’s user provisioning solution, enables organizations to design provisioning policy; automate the tasks for creating, modifying, and disabling access; and enforce policy necessary for regulatory compliance.
User Provisioning and Onboarding
AccountCourier enables customers to achieve lasting business results with minimal up-front work. A highly adaptable architecture that dynamically incorporates access control policy changes enables Courion to rapidly deliver a high-impact provisioning solution to any size organization. AccountCourier has the flexibility to adapt to your company’s onboarding process and can be launched by a manager initiating a provisioning request or by an automated "lights-out" process triggered by an event, such as a new hire record being added to your human resources system of record.
Courion's user provisioning solution can create and manage accounts on dozens of target systems and ensure that user access rights are consistent with policy. Courion's AssetLink™ technology also enables organizations to provision physical assets, such as smart cards, multi-factor authentication tokens, cell phones and other devices.
Role Management
AccountCourier is fully integrated with RoleCourier®, Courion's role management solution, which automates the process of access control management through creating and managing enterprise roles. RoleCourier enables organizations to automate the cumbersome, inefficient manual process of role creation and ongoing access control management. Unlike third-party role creation tools with limited capabilities that lack true, real-time integration with the provisioning process, RoleCourier provides a foundation for robust ongoing access control that adapts to the constant stream of access control changes in today’s dynamic business environment.
Change Management
Employee access needs are constantly changing as a result of promotions, demotions and reorganizations. AccountCourier can rapidly revoke existing access rights and re-provision employees with new access rights through the action of a manager or as the result of a change in the employee status. When employees leave the organization, whether individually or as part of a layoff, AccountCourier can immediately terminate their access rights to vital systems.
Compliance Reporting
ComplianceCourier™, Courion's compliance reporting system, enables managers to quickly and easily validate and attest that employee access rights are consistent with enterprise policy. ComplianceCourier also manages and enforces policy training requirements and can block employees from vital systems until they satisfactorily complete their training.
Access Assurance Solution
All of Courion's Access Assurance solutions leverage a common technology platform which provides common services and connectors to customers' existing IT environment. This component-based approach is superior to competitive solutions because it allows Courion solutions to quickly integrate with and leverage a customer's existing directories, databases and help desk systems. It also permits customers to choose which applications they want to implement first, without having to implement a "heavy" infrastructure. This architecture enables customers to easily add new managed systems and new technologies as their business needs change, and as they acquire additional organizations or bring in new applications. Our component-based model also assists Courion in delivering additional capabilities quickly and efficiently, including new features and expanded platform coverage.
Topics Addressed Include:
User provisioning, de-provisioning, access provisioning, user activity monitoring





