Provisioning employees with passwords, user accounts and security privileges is the bane of every IT department. It's time-consuming, often boring and, increasingly, a security risk in organizations with thousands of employees and dozens or even hundreds of IT systems, many containing sensitive data.
To deal with the problem, companies are increasingly turning to role-management software. This helps analyze and map employee job functions to the appropriate IT privileges, and helps create and manage these roles.
Early in 2007, insurance giant Cigna Corp. needed to standardize the way it assigned IT privileges to its 27,000 employees accessing Cigna's 300 or so applications. The company's traditional method -- giving new employees the same privileges held by employees in similar jobs -- wasn't keeping up with the complexity and volume of new account requests.
"Without roles, you're creating IDs helter-skelter," says Craig Shumard, the chief information security officer at Cigna. "So when Bill gets promoted, you might say 'Let's give Bill whatever Joe had access to, because Joe had that same job before.' But Joe might have a lot of other privileges accumulated over the years that Bill shouldn't have."
Cigna initially created an in-house provisioning workflow tool that allowed users to initiate the provisioning process by selecting job functions and IT needs via drop-down menus. But Cigna soon realized it needed a more automated system for creating user roles, one that also had reporting and monitoring capabilities.
Cigna selected the Aveksa 3 suite, which includes role monitoring, reporting and management features. The software provides analysis tools for evaluating roles and defining new ones, audit trails for proof of regulatory compliance and automated certification that routes employee role reports to business managers for validation.