Another Way to Support Access Compliance
Posted by Bob Craig - Dir Prod Marketing on Thu, Feb 04, 2010
This week Dave Kearns wrote a column, User provisioning: right access to the right people, where he outlined some of the key benefits of provisioning, namely: improving productivity and reducing risk. Dave makes the point that productivity is improved by providing new employees with Day One access to various IT resources (email, laptop, enterprise applications, databases, etc.), while risk is reduced by reconfiguring or removing access rights when an employee changes roles or leaves the company.
Dave is absolutely right regarding these benefits, but there are a few other benefits he didn't discuss that are worth pointing out in more detail.
One benefit which we hear regularly from our customers is that automated provisioning significantly reduces the time and effort required to manage user access rights. The result is that they are able to drastically reduce the number of staff dedicated to the provisioning process. In one instance, a $2 billion provider of senior living services was able to reduce headcount from 5 FTEs to 0.5 FTEs, saving hundreds of thousands of dollars annually. In another, a large regional bank was able to double their provisioning coverage from 100 to more than 210 applications and justified the investment to their management through reduced headcount (see Creating Budget Where None Exists).
Another key benefit is in access compliance. Whether your company needs to comply with internal policies, audit findings, or industry and government regulations, you need to ensure that user access rights are being managed appropriately. While provisioning isn't required to be compliant, one of the benefits you can achieve is assuring that users are initially only granted access rights that are needed to do their jobs. This preventative control lowers risk, reduces the potential that you may fail a security audit, and helps streamline the access certification process.