Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

F E A T U R E

Employee Provisioning

August 19, 2002
By Lori MacVittie

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	Wrong Side of the Law?
	A Bite Out of Password Costs
	Executive Summary
	Online Only: Does HIPAA Affect Me?

Provisioning and revoking employees' access rights and resources can be excruciating processes for everyone involved. In fact, the issue of properly managing employee information is likely one of the few headaches shared by those in IT, human resources and facilities management.

Departmental conflicts and ill-defined provisioning processes can raise problems from the start. And these difficulties can hurt a new hire's productivity, open security holes when an employee leaves the organization and delay an employee's move to a new role.

Employee-provisioning, or EUA (enterprise-user administration), solutions provide an automated and centralized method for managing access rights across an organization's systems. By 2004, 40 percent of enterprises will implement EUA products to manage their entire business-transaction flow and user-access requirements for Web and non-Web applications, according a recent Gartner report. These solutions promise to alleviate the difficulties in managing employee access to the systems and resources within the organization not only by automating the provisioning and revoking of user IDs, passwords and so on, but also by managing the business-process flow that accompanies such activities.

EUA solutions also bring continuity. By centrally managing workers' access to directories, databases, servers, legacy applications and identity-management applications, these products let you migrate access rights and resources as an employee changes jobs within the organization and revoke rights when an employee leaves. Centralized auditing offers a complete view of who was granted access when and by whom, and workflow capabilities ensure that security policies are followed.

Finally, employee-provisioning solutions provide financial benefits, however indirectly, by increasing employee productivity, enterprise security and workflow automation.

From Zero-Day Start...

New hires require the basic office equipment--a desk, a computer, a phone--as well as access to job-related systems and applications. If all isn't in place, a new employee can't immediately become a productive member of the organization. And colleagues might waste time attempting to set up the correct access for the new co-worker. You need to be able to click a button and generate a "zero-day start" process--complete provisioning in less than a day.

You need a similar process when an employee moves from one role to another. Modifications to existing rights and migrations to new groups take time to perform and verify. But because the employee has access, there often is no rush to perform the migrations. Automating such processes ensures correct provisioning as soon as possible.

...To Zero-Day Stop

When employees leave, their access rights must be removed from some or all systems. If the original rights were granted without sufficient documentation, revoking rights will take some time. It's possible to overlook some systems, leaving unused and unmanaged user IDs and passwords in applications, thereby opening security holes. An EUA solution automatically removes all issued user IDs and passwords across systems, following defined business processes. This occurs even for access granted outside the system, if the system was synchronized before the revocation process kicked off. This practice is often referred to as zero-day stop, because it almost instantaneously removes all resources and accounts used by an employee leaving the organization.

An EUA solution's auditing and reporting features document what access levels were granted to which systems at what time. These trails provide information for security-policy reviews and a better understanding of the access necessary for roles across systems. If administrators, for example, are given access to systems above and beyond the documented set of systems, the EUA solution's auditing and reporting tools will show this pattern and may suggest you adjust your security policy, saving time in the future. If employees are being granted access that violates security policies, the software will help determine why it is occurring or point out that someone needs a reminder of the corporate security policies.