Organisations that have a well-developed provisioning and access control environment have the opportunity to leverage their infrastructure to propel themselves into the world of fine-grained authorisation. This gives them unprecedented control over access to their resources and enables them to enter the brave new world of entitlements management to tighten up their access control and implement central policy management.
To exploit the potential of entitlements management it is necessary to add a couple of components to the identity management environment. The directory store becomes the “information point”, which provides the data the “decision point” needs to render an access decision. These decisions are interpreted by the “enforcement point”, a piece of code that sits on the web server and controls access to the application in question.
There are a number of big benefits to the adoption of entitlements management:
- The centralisation of policies significantly improves the administration of access control to restricted resources. Centralising policy management means that a single business unit can administer policy, and it can be implemented uniformly across the company.
- Data loss protection is facilitated by an entitlements management environment. Documents can be coded as confidential and policies set up to grant access only to staff with the appropriate roles. Access can also be restricted to users connecting from internal IP addresses, or to business hours only.
This not only leverages the power of the identity management environment and improves security by centralising policy management, but also eliminates significant work on the part of developers to support access control decisions.
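The three components and the confidential-document policy described above can be sketched as follows. This is an added example, not code from any entitlements product; the users, documents, role names, the 10.0.0.0/8 internal range and the 09:00 to 17:00 business hours are all assumed values.

```python
import ipaddress
from datetime import datetime

# Constructed sample data standing in for the directory store and document catalogue.
DIRECTORY = {"alice": {"finance-manager"}, "bob": {"contractor"}}
RESOURCES = {"/docs/q3-forecast.pdf": "confidential", "/docs/canteen-menu.pdf": "public"}

# Central policy keyed by document classification (all values are assumptions).
POLICY = {
    "public": {},
    "confidential": {
        "roles": {"finance-manager", "auditor"},
        "networks": [ipaddress.ip_network("10.0.0.0/8")],
        "hours": (9, 17),  # permitted when 09:00 <= local time < 17:00
    },
}

def lookup_attributes(user, resource):
    """Information point: return the user's roles and the resource classification."""
    return DIRECTORY.get(user, set()), RESOURCES.get(resource)

def decide(user, resource, source_ip, when):
    """Decision point: evaluate the central policy; anything unmatched is denied."""
    roles, classification = lookup_attributes(user, resource)
    rule = POLICY.get(classification)
    if rule is None:
        return False, "no policy for resource"
    if "roles" in rule and not roles & rule["roles"]:
        return False, "role not entitled"
    if "networks" in rule:
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False, "unparseable address"
        if not any(addr in net for net in rule["networks"]):
            return False, "external address"
    if "hours" in rule and not rule["hours"][0] <= when.hour < rule["hours"][1]:
        return False, "outside business hours"
    return True, "permit"

def enforce(user, resource, source_ip, when):
    """Enforcement point: called by the web server; maps the decision to an HTTP status."""
    permitted, _reason = decide(user, resource, source_ip, when)
    return 200 if permitted else 403

if __name__ == "__main__":
    morning = datetime(2024, 3, 5, 10, 0)
    print(enforce("alice", "/docs/q3-forecast.pdf", "10.1.2.3", morning))
    print(decide("alice", "/docs/q3-forecast.pdf", "203.0.113.7", morning))
```

The application only ever calls `enforce`; changing who may read confidential documents means editing `POLICY` in one place, with no change to application code.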
Entitlements management is a powerful addition to your identity and access management environment. It will significantly reduce manual interventions and improve governance compliance via the centralisation of policy management.