Home » Identity & Access » Identity Management

Role Management Software: Making it Work for You

By Mary Brandel

September 08, 2008 — CSO — Role management software enables the creation and lifecycle management of enterprise job roles, according to Forrester Research. It does this by discovering and logically grouping application-level, fine-grained authorizations and entitlements into enterprise job roles, which can then be assigned to people by rule-based provisioning or request-approval workflows. See Capabilities of a Full-Fledged Role Management System for a description of the feature set and Who's Who in Role Management for a representative vendor list.

In its 2007 survey of 35 organizations, Burton Group found that the number of role management initiatives has grown significantly since 2003, especially in the financial services industry. The top business drivers include:

Administrative efficiencies for access management
Ease of audit and compliance
Improved security controls for access and authorization

The payoff? In return for your efforts, expect the following benefits:

Simplified number of managed entities
Improved visibility into available resources
Better enforcement of policy
Improved relationship of IT with the business

All of this comes at a price, of course. Burton Group warns that role management requires a significant investment in up-front effort. In its survey, it found the average annual budget for these efforts was about $1.2 million. Project funding was widely variable, says Kevin Kampman, senior analyst at Burton, and was sometimes embedded in other initiatives such as ERP or identity management implementations, with investments ranging from nothing (in one case) to between $10 and $1,000 per user. Small and midsize businesses can plan to implement role mining and design projects for $300,000 to $500,000, while large, complex organizations will face $500,000 to $1 million price tags, according to Forrester.

The Burton Group says major challenges for these projects include:

Establishing the relationship of roles to business and administrative processes
Setting guidelines for defining and establishing roles
Determining who should participate and in what capacity
Determining how to maintain roles over time
Associating roles with resources
Determining how to associate business process and policy with roles

In Burton Group's survey, nearly 70 percent of participants indicated this was their first attempt at a role management implementation, while the rest had attempted a previous initiative. Of that population, 40 percent were successful and 60 percent were unsuccessful. The reasons for failure were consistent, Kampman says, including:

An exclusively technical focus
Little or no business sponsorship and participation
Lack of an overall organizational strategy, methodology and deployment approach

Key differentiators of existing systems, according to Forrester, include integration with leading ERP systems' role structures (SAP, Oracle), management of versioning and temporality of roles and integration with provisioning and identity audit products.