Bringing Simplicity & Visibility to Access Certification
Written by Ken Baker
For example, the wizard-based user interface in Novell Compliance Certification Manager guides you through creating review workflows, stepping you through the key information, criteria and actions that belong in each type of review you need to conduct. It helps you decide who should participate in a review, such as the entitlement owners or the supervisors of the users included in it.
Once you define a review, Novell Compliance Certification Manager can run it on demand, on a scheduled date or in response to a specific event. When a review runs, it sends every participant an e-mail notification with a link to the review interface. For example, supervisors might be presented with a list of their direct reports, each with a business-friendly description of that person's entitlements. Automated workflows can immediately alert the appropriate people in your organization when a potential violation is detected.
One way Novell Compliance Certification Manager puts access entitlements in a business-friendly context is through roles. For example, in an organization of a thousand users, you can group those users into business roles that you define. If that yields one hundred roles, your business managers only have to verify that each of those roles carries the appropriate access, instead of looking at and verifying the individual entitlements of each of the thousand users. This saving depends on the role definitions themselves being accurate, which is what the Role Management stage addresses.
Additionally, as part of a review, Novell Compliance Certification Manager can show you the last time a user accessed a given system. This helps you enforce least privilege: users get only the access they need to do their jobs and no more. For example, if Joe hasn't accessed the vendor management system in the last six months, that is a strong prompt to evaluate whether he still needs that access (last-access data is a signal, not proof; an account used only for quarterly or emergency tasks can look idle). If you determine he doesn't, you can initiate an access change request from the review interface to revoke it. Based on the policy you've defined, that change request might be routed to the owners of the IT asset (here, the vendor management system), a help desk system, or your automated provisioning system. (See Figure 2.)
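The stale-access check described above, written out as an added example (this is not code from the article or from the Novell product). It parses a constructed access log, keeps only successful logins as evidence of use, reports entitlements idle for more than a configurable window or never used at all, and routes each revocation request according to a hypothetical per-asset policy. The user names, system names, log format and routing map are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample data for this example (not from the article).
# Entitlements: which user holds access to which system.
ENTITLEMENTS = [
    ("joe", "vendor-mgmt"),
    ("joe", "payroll"),
    ("ann", "vendor-mgmt"),
    ("ann", "payroll"),
    ("raj", "vendor-mgmt"),
]

# Constructed access log lines: ISO timestamp, user, system, result.
ACCESS_LOG = """\
2010-01-04T09:12:00 ann vendor-mgmt LOGIN_OK
2010-02-17T14:03:00 joe payroll LOGIN_OK
2010-03-22T08:45:00 ann payroll LOGIN_OK
2009-11-30T16:20:00 joe vendor-mgmt LOGIN_OK
2010-04-02T10:00:00 raj vendor-mgmt LOGIN_FAIL
"""

# Hypothetical routing policy: where a revocation request for each asset goes.
# Assets not listed fall through to the help desk.
ROUTING = {"vendor-mgmt": "asset-owner", "payroll": "provisioning-system"}
DEFAULT_ROUTE = "help-desk"


def last_successful_access(log_text):
    """Map (user, system) -> most recent successful access time.

    Failed logins are ignored: a mistyped password or a password-guessing
    attempt must not make an entitlement look 'in use'.
    """
    last_seen = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, system, result = line.split()
        if result != "LOGIN_OK":
            continue
        when = datetime.fromisoformat(ts)
        key = (user, system)
        if key not in last_seen or when > last_seen[key]:
            last_seen[key] = when
    return last_seen


def find_stale_entitlements(entitlements, last_seen, as_of, max_idle_days=180):
    """Return revocation change requests for entitlements idle > max_idle_days.

    An entitlement with no successful access at all is reported as 'never
    used', which is a stronger signal than merely idle.
    """
    cutoff = as_of - timedelta(days=max_idle_days)
    requests = []
    for user, system in entitlements:
        last = last_seen.get((user, system))
        if last is None:
            reason = "never used"
        elif last < cutoff:
            reason = "last used " + last.date().isoformat()
        else:
            continue  # used recently; nothing to review
        requests.append({
            "user": user,
            "system": system,
            "action": "revoke",
            "reason": reason,
            "route": ROUTING.get(system, DEFAULT_ROUTE),
        })
    return requests


def run_review(as_of="2010-06-01"):
    """Parse the log and produce the revocation requests as of a given date."""
    if isinstance(as_of, str):
        as_of = datetime.fromisoformat(as_of)
    return find_stale_entitlements(ENTITLEMENTS, last_successful_access(ACCESS_LOG), as_of)


if __name__ == "__main__":
    for req in run_review():
        print(f"{req['route']:<20} revoke {req['user']}@{req['system']} ({req['reason']})")
```

Running the review as of 2010-06-01 with the 180-day window flags Joe's vendor-mgmt entitlement (last used 2009-11-30) and Raj's (only a failed login on record); both go to the asset owner under the sample policy. The output is a list of structured change requests, so the same routine can feed a help-desk ticket or a provisioning connector.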
Using standard and customizable business rules that enforce security and policy compliance, Novell Compliance Certification Manager can trigger re-certifications on events that could introduce compliance violations, such as an employee changing roles or gaining new entitlements.
Novell Compliance Certification Manager also includes an extensive set of built-in detailed, summary and customizable reports to support your compliance efforts, along with dashboards of key risk indicators and metrics that let business and security managers evaluate certification and compliance status at a glance and highlight potentially high-risk users, applications and access violations.
Each component of the Novell Access Governance Suite provides the operational simplicity and business visibility you need to improve your overall compliance efforts.
Role Management and Access Request
While Novell Compliance Certification Manager covers the first two stages of the access governance maturity model, the other two products in Novell Access Governance Suite address the remaining stages: Novell Roles Lifecycle Manager for Role Management and Novell Access Request and Change Manager for Access Request.
As mentioned before, roles can greatly simplify your certification and compliance efforts, but defining the right roles and keeping them right is a challenge. Novell Roles Lifecycle Manager addresses this through role discovery, modeling, analytics and full role lifecycle maintenance. It gives you visibility into patterns and logical groupings in your organization to assist in role creation and management, and helps you confirm that each role carries the appropriate access rights. (See Figure 3.)
Novell Roles Lifecycle Manager can also optimize your overall role structure so that you have fewer roles to certify. One of the main ways it does this is by eliminating or consolidating redundant roles, which add nothing but complexity to the certification process. If you have a hundred defined roles and twenty of them are redundant, you are not only reviewing twenty extra roles but also every system and application entitlement attached to them. Eliminating those redundancies with Novell Roles Lifecycle Manager can significantly reduce your overall certification effort.
The discovery and reporting tools in Novell Roles Lifecycle Manager also let you find orphaned entitlements: access rights or authorized actions that users hold but that are not tied to any role. Because such entitlements fall outside role-based certification and must be reviewed one at a time, discovering them and assigning them to a role further simplifies the execution and management of your compliance activities.
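The two role analytics described in the last two paragraphs, redundant-role consolidation and orphaned-entitlement discovery, as an added example (not code from the article or from Novell Roles Lifecycle Manager). Roles are modelled as sets of entitlement strings; two roles are redundant when they grant exactly the same set, and an entitlement is orphaned when a user holds it but no role grants it. The role names, entitlement names and user assignments are constructed for the example.

```python
# Constructed sample data for this example (not from the article).
# Role -> entitlements the role grants. Names are hypothetical.
ROLES = {
    "AP-Clerk":     {"erp:ap.invoice.read", "erp:ap.invoice.create"},
    "AP-Processor": {"erp:ap.invoice.create", "erp:ap.invoice.read"},  # same grants as AP-Clerk
    "AP-Manager":   {"erp:ap.invoice.read", "erp:ap.invoice.approve", "erp:ap.vendor.edit"},
    "Vendor-Admin": {"erp:ap.vendor.edit", "vms:login"},
}

# User -> entitlements actually assigned in the target systems (hypothetical).
USER_ENTITLEMENTS = {
    "joe": {"erp:ap.invoice.read", "erp:ap.invoice.create", "hr:timesheet.approve"},
    "ann": {"erp:ap.invoice.read", "erp:ap.invoice.approve", "erp:ap.vendor.edit"},
    "raj": {"erp:ap.vendor.edit", "vms:login", "sftp:bank-upload"},
}


def find_redundant_roles(roles):
    """Group roles that grant exactly the same entitlement set.

    Returns {canonical_role: [redundant_roles, ...]}. The alphabetically first
    name in each group is kept as canonical so the result is deterministic.
    """
    by_grants = {}
    for role, grants in roles.items():
        by_grants.setdefault(frozenset(grants), []).append(role)
    redundant = {}
    for names in by_grants.values():
        if len(names) > 1:
            names = sorted(names)
            redundant[names[0]] = names[1:]
    return redundant


def consolidate_roles(roles):
    """Return a copy of roles with the redundant duplicates removed."""
    drop = {dup for dups in find_redundant_roles(roles).values() for dup in dups}
    return {role: set(grants) for role, grants in roles.items() if role not in drop}


def find_orphaned_entitlements(roles, user_entitlements):
    """Entitlements users hold that no role grants, keyed by user.

    These sit outside role-based certification and have to be reviewed one by
    one until they are folded into a role.
    """
    covered = set().union(*roles.values())
    orphans = {}
    for user, grants in user_entitlements.items():
        extra = grants - covered
        if extra:
            orphans[user] = extra
    return orphans


def certification_scope(roles):
    """Number of role/entitlement pairs a reviewer has to attest to."""
    return sum(len(grants) for grants in roles.values())


if __name__ == "__main__":
    print("redundant:", find_redundant_roles(ROLES))
    print("scope before/after:", certification_scope(ROLES),
          certification_scope(consolidate_roles(ROLES)))
    print("orphans:", find_orphaned_entitlements(ROLES, USER_ENTITLEMENTS))
```

On the sample data AP-Processor is flagged as a duplicate of AP-Clerk, dropping the certification scope from nine role/entitlement pairs to seven, and two orphaned entitlements (Joe's timesheet approval, Raj's bank upload) surface as items that no role covers. Consolidating roles never changes which entitlements are covered, so the orphan list is the same before and after.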
Novell Access Request and Change Manager, a recent addition to Novell Access Governance Suite, provides a business-friendly interface through which users request access to a particular resource or system, and a matching interface for the business manager who receives the request and must decide whether to approve it. (See Figure 4.) Built-in compliance controls and policy checks warn the manager of any compliance concerns associated with the request. For example, if a user requests access that would violate separation-of-duties (SOD) rules, the request is automatically flagged with that warning before the manager decides.
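The SOD pre-check on an access request, as an added example (not code from the article or from Novell Access Request and Change Manager). SOD rules are modelled as pairs of entitlements one person must not hold together. The check runs on the union of what the requester already has and what they are asking for, so it catches a single request that completes a toxic pair as well as a request that bundles both halves at once, and it reports violations the user already had before the request separately so the approver can tell whether this request introduces the conflict or inherits it. The rules, users and entitlement names are constructed for the example.

```python
# Constructed sample data for this example (not from the article).
# SOD rules: two entitlements one person must not hold together, with a reason.
SOD_RULES = [
    ("erp:ap.vendor.create", "erp:ap.payment.release", "could create a vendor and pay it"),
    ("erp:ap.invoice.create", "erp:ap.invoice.approve", "could approve own invoices"),
]

# Current entitlements per user (hypothetical). Kim already violates rule 0.
CURRENT = {
    "joe": {"erp:ap.vendor.create"},
    "ann": set(),
    "raj": {"erp:ap.invoice.read"},
    "kim": {"erp:ap.vendor.create", "erp:ap.payment.release"},
}


def sod_violations(held, rules):
    """Return (a, b, why) for every rule whose both halves are in `held`."""
    return [(a, b, why) for a, b, why in rules if a in held and b in held]


def check_request(user, requested, current=CURRENT, rules=SOD_RULES):
    """Evaluate an access request before it reaches the approver.

    decision is 'flag' when granting the request would create a new SOD
    violation, otherwise 'route-to-approver'. Pre-existing violations are
    returned as well so the approver sees them even when this request is clean.
    """
    held = set(current.get(user, set()))
    requested = set(requested)
    before = sod_violations(held, rules)
    after = sod_violations(held | requested, rules)
    new = [v for v in after if v not in before]
    return {
        "user": user,
        "requested": sorted(requested),
        "decision": "flag" if new else "route-to-approver",
        "new_violations": new,
        "pre_existing_violations": before,
    }


if __name__ == "__main__":
    for user, asked in [("joe", ["erp:ap.payment.release"]),
                        ("ann", ["erp:ap.invoice.create", "erp:ap.invoice.approve"]),
                        ("raj", ["erp:ap.vendor.create"]),
                        ("kim", ["erp:ap.invoice.read"])]:
        result = check_request(user, asked)
        print(user, result["decision"], [why for _, _, why in result["new_violations"]])
```

Joe's request completes a toxic pair with an entitlement he already holds, Ann's single request contains both halves of a pair, and both are flagged; Raj's request is clean and goes to the approver; Kim's request is clean but the response carries her pre-existing violation, which the review process described earlier would normally pick up.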
When a manager approves a request, the workflow in Novell Access Request and Change Manager can forward the approval to your IT group, a help desk or your automated provisioning system. The workflow and self-service nature of the product help eliminate IT bottlenecks, lower IT administration costs and streamline access delivery while maintaining compliance.
With the goal of simplifying how information resources are governed and certified, Novell Access Governance Suite addresses all four stages of the access governance maturity model: Access Visibility, Automated Certification and Controls, Role Management, and Access Request. The suite simplifies access requests, helps you manage the entire user entitlement lifecycle, makes it easier to certify the compliance of all your roles and entitlements, and helps ensure that every user in your organization always has the right set of entitlements.
Visit www.novell.com/products/accessgovernancesuite/ to learn more about how Novell Access Governance Suite can bring simplicity and better business visibility to your compliance efforts.