IBM announced a new identity management system called Security Role and Policy Modeler. Based on IBM Research, the software analyzes employee data and recommends a set of roles to better secure an organization and manage compliance.
The analytics can flag abnormal behavior, inconsistencies in role access and expired user access. Bharti Airtel, a telecommunications provider in India, and Cognizant, an IT consulting and business process outsourcing firm in the U.S., are already using the software.
An employee’s unauthorized access to client information can leave a firm vulnerable to security breaches and failed audits. Many companies juggle the administration of identifying, managing and approving employee access; some employees have roles that require different levels of access to financial, personnel, or sales and customer data, and those roles can change during the course of a year.
IBM provides an example: a 10,000-employee hospital may grant certified access to financial and human resource systems only to administrators, and that access must be revoked as their roles change within the organization. The Security Role and Policy Modeler evaluates all 10,000 user identities across the hospital and narrows them down to roughly 100 roles such as “administrator.” This reduces the cost and complexity of managing security.
Security Role and Policy Modeler is available as part of IBM’s policy-based identity and access management governance software offering. The new software enables companies to collect, clean up, correlate, certify and report on identity and access configurations.
Specific new functions include:
Scoring metrics and analytics that give business users the ability to produce a more effective role and access structure. Users can be identified by the specific role they play in an organization. For example, a marketing team manager can allow employees to access market share data but not human resources information.
Clearer view into the role structure – such as organizational hierarchy charts and access exceptions due to business needs – that can be managed throughout the users’ lifecycle. For example, if an employee moves from one department or function to another, that employee can be assigned to, or restricted from, accessing particular applications or business assets based on their role structure within the organization.
Single Web-based interface to create, apply and validate roles that have multiple members. For example, “physician” can be the group role and “cardiologist” or “radiologist” can be a member role. Each role can be assigned different access, and roles can be mined to identify outlying behavior and validated for violations.
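To make the role-mining ideas above concrete (collapsing many identities into a few candidate roles, flagging access exceptions per department, and deriving a group role such as “physician” from its member roles), here is a small illustrative pass over a constructed user/entitlement table. This is an added example and not IBM’s code or algorithm; the user names, departments, entitlement strings and the majority-vote baseline rule are all assumptions made for the illustration.

```python
"""Toy role-mining pass over a constructed user/entitlement table.
Assumption: one flat record per user; real IAM exports are larger and noisier."""
from collections import Counter, defaultdict

# Constructed sample data, not taken from any real system.
USERS = {
    "alice": {"dept": "cardiology", "perms": {"ehr_read", "ehr_write", "echo_lab"}},
    "bob":   {"dept": "cardiology", "perms": {"ehr_read", "ehr_write", "echo_lab"}},
    "carol": {"dept": "cardiology", "perms": {"ehr_read", "ehr_write", "echo_lab", "payroll"}},
    "dave":  {"dept": "radiology",  "perms": {"ehr_read", "ehr_write", "pacs"}},
    "erin":  {"dept": "radiology",  "perms": {"ehr_read", "ehr_write", "pacs"}},
    "frank": {"dept": "finance",    "perms": {"payroll", "ledger"}},
}


def mine_roles(users):
    """Collapse identical entitlement sets into candidate roles.
    Returns {frozenset(perms): [members]} ordered by member count, largest first."""
    roles = defaultdict(list)
    for name, rec in users.items():
        roles[frozenset(rec["perms"])].append(name)
    return dict(sorted(roles.items(), key=lambda kv: -len(kv[1])))


def department_baseline(users, dept, threshold=0.5):
    """Entitlements held by more than `threshold` of a department's members
    (assumed majority rule; a real product would use richer scoring)."""
    members = [r["perms"] for r in users.values() if r["dept"] == dept]
    counts = Counter(p for perms in members for p in perms)
    return {p for p, n in counts.items() if n / len(members) > threshold}


def find_exceptions(users):
    """Flag entitlements a user holds beyond their department's baseline.
    These are the access exceptions a reviewer would certify or revoke."""
    depts = {r["dept"] for r in users.values()}
    baselines = {d: department_baseline(users, d) for d in depts}
    return {name: rec["perms"] - baselines[rec["dept"]]
            for name, rec in users.items()
            if rec["perms"] - baselines[rec["dept"]]}


def common_core(users, depts):
    """Entitlements shared by every listed department's baseline: a candidate
    group role (e.g. 'physician' above 'cardiologist' and 'radiologist')."""
    cores = [department_baseline(users, d) for d in depts]
    return set.intersection(*cores) if cores else set()


if __name__ == "__main__":
    print(find_exceptions(USERS))                         # carol holds 'payroll'
    print(common_core(USERS, ["cardiology", "radiology"]))  # shared physician core
```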