Most often users aren't fully cognizant of the terms and distinctions between roles and rules, but if you question them you'll find that all agree that the decision-makers in their firms talk continually about job function. The result is that the job functions generally represent individuals' roles that have to be converted into electronic rules. Those in turn must be capable of being defined by technology.
Account provisioning software provides a means of tying account management to the entire group of automated workflow processes. Most account management software companies attempt to create ?hooks? or connectors into the company's password management software, human resource software, and other user management software. In this way entire user accounts can be created and maintained. Generally, the account provisioning software works real-time 24/7/365, so that provisioning and deprovisioning takes place at the touch of a button when needed. Additionally, because of the ease and speed with which provisioning can be accomplished, companies find they are able to eliminate granting superuser privileges to employees, which secures the network still further.
The federal government is cracking down on many issues including privacy and complete and accurate audit trails. Current federal regulations, including the Gramm-Leach-Bliley, the Patriot Act, and HIPPA force companies to look closely at their needs and what regulations are central to their organizations. Following an intensive review, companies must select and implement the tools that are best suited to provide compliance in regard to the privacy of customer, employee and partner information. Non-compliance brings not only heavy fines, but also possible shutdown by the government.
Linking Resources and Connectivity
Consolidating multiple existing sources of user data takes a lot of manpower, time, monitoring and money when done manually. That's exactly what companies are trying to avoid. Generally companies that use legacy software or specialized human resource software keep the data where it currently is stored in the software database. Companies don't consolidate their information sources. It's too much trouble and it's too expensive. Instead, companies put everything into another database where they can keep it synchronized more effectively. This saves a lot of effort and is more cost effective. It can still be a major headache if you have to manually create the pointers and connectors and do the timely updates.
Additionally, it's not unusual for different departments to use different software. This may be due to time-frame parameters based on when the departments were created, mergers and acquisitions or management structure. It would be time and cost prohibitive and a workplace nightmare to change all software to the same type. With account provisioning software, the software from different departments can be utilized cohesively and provide user access and functionality across departments and locations.
Only a few years ago there was talk of having a central data repository and getting rid of ones that existed in remote geographic areas. Then came the Y2K scare, the World Trade Center disaster and the resurgence of interest and action in business continuity planning, which resulted in data being kept in multiple locations and tied together through LDAP and other software, such as account provisioning. The positive side of this is that while all the data is available and linked, if some disaster does occur in one location, only data at that location is damaged or destroyed and other locations can be re-linked around the damage.
As the idea of maintaining multiple data stores and linking them together has grown popular with large system management vendors like IBM and Computer Associates, competition has grown with a slew of provisioning startups like Business Layers and Courion. The goal of all of these vendors and their products is to provide better control of access and movement of users both inside and outside the company.
Not every vendor starts from scratch. IBM acquired ID management software Access360, which integrates with 70 vendors, and tied it to its Tivoli portfolio, which manages both access and privacy. The strength of the product lies in IBM's ability to link multiple security and non-security tasks being run simultaneously within an enterprise.