MOUNTAIN VIEW, Calif.-September 18, 2007 - Chief Information Security Officers are getting plenty of respect, as evidenced by steadily escalating budgets and expanding staff resources to harden organizational security.
While most large enterprises have met compliance standards with respect to defending the perimeter, it is the internal controls - who is entitled to access what - that continues to challenge these organizations. Addressing this, Echelon One has announced the top five things CISOs should know about Entitlement Management.
Echelon One, a leading information security research and consulting company, has released a whitepaper entitled, Five Things the CISO Would Like their Organization to Know About the Importance of Entitlement Management. The paper was developed to help C-level executives understand the security, user and administrator productivity, and compliance benefits of using Entitlement Management products to manage authorization functions across enterprise applications and data stores. Securent, Inc., the leader in the Entitlement Management market, commissioned the paper, which is available at its website-http://www.securent.com.
In its research for the project Echelon One observed that organizations can spend 100-500 hours hard-coding entitlement rules into each of their applications as they update them to fit new compliance standards. In addition, line-of-business managers may spend as many as 60 hours per year performing entitlement reviews, in order to sign off on compliance documentation required by auditors.
"The huge, repetitive cost of these tasks implies the potential for a high order of savings, productivity gains and security improvements, provided that organizations can escape the need to endlessly repeat the same access management chores," said Rajiv Gupta, CEO Securent.
After conducting many security reviews in a variety of industries, the Echelon One staff developed a whitepaper outlining five key questions. They
- What is Entitlement Management and why should my organization care?
- Why is Entitlement Management a leading compliance concern for corporations today?
- How have enterprises managed Entitlements historically?
- What is the best way to address Entitlement Management and meet compliance requirements?
- What are the expected compliance and security benefits of deploying Entitlement Management tools?
Following the discussion of these topics the whitepaper concludes that, "Specifically designed Entitlement Management tools like those from Securent can help organizations achieve their compliance and audit concerns by creating a consistent, standards-based infrastructure for managing and enforcing the appropriate access and entitlements across the enterprise."