Role-based authorization management acts as a catalyst in the Identity & Access Management systems, not only providing increased security benefits but also significant cost savings and transparent processes. The Role Mining Tool developed by Ventum supports the analysis and evaluation of existing authorization structures and the modelling of roles. The results can be used by our clients in a state-of-the-art role management for secure and cost-effective authorization management.
Benefits of using the Ventum Role Mining Tool in customer projects:
- Data Analysis: automated analysis of existing ~ 50 000 user permissions and permission trees.
- Data Cleansing: identification and elimination of redundant or unnecessary user rights.
- Data Modelling: recommendations for optimal assignment of authorizations to employees through roles.
- Security: elimination of potential security vulnerabilities and minimization of consequential risks.
Role concept in access management.
Our client, a publicly traded, global technology and financial services company, needed a company-wide role concept for its entitlement management. In this case, the Ventum Role Mining Tool is a critical application in its development and implementation. In addition to increased transparency and process optimization within the company, it enables significant reductions in the administration efforts of employee’s authorization management. The results show significant improvements in terms of efficiency and effectiveness.
Role mining is the key to maximizing efficiency and effectiveness in entitlement management.
Through organizational or technical differentiation, roles can be used to assign the exact entitlements that an employee needs for his/her area of responsibility. Roles form the interface between the business processes and the IT of the company: the business process managers must decide which rights each role should contain and to which persons these roles should be assigned. It is important that the number of roles remains manageable and that their definitions are comprehensible. The results of the Ventum Role Mining Tool can be used for initial recommendations. Subsequently, they can be also iteratively extended.
The establishment of role-based rights management starts with a basic clearing up of existing data. This process, called "cleansing", creates the prerequisite for a clean role management. The Role Mining Tool visualizes the assignment of authorizations to users, thus orphaned user accounts and authorizations can be quickly identified and eliminated in this process.
When modelling roles, there are two approaches: top-down modelling creates organizational roles that are shaped by the organization and the roles or positions of employees. Bottom-up modelling analyses existing permissions and assigns roles based on this analysis.
Bottom-up modelling is realized using clustering, which is a method for identifying the similarity in structures in large databases. Using clustering tools, different analysis scenarios can be played through in the role-finding process. The Ventum Role Mining Tool provides all the parameters required for individual configuration: "overlap" describes the desired overlap between the individual user authorizations; "min user" defines the minimum number of affected individual users to cluster permissions in a role; "similarity function" defines the function used to calculate the similarity of permissions and clusters.
The efficient creation and implementation of the desired roles results in the context of an iterative procedure.
In addition to the analysis and initial definition of roles in Role Mining, further role management processes also require manual adaptation of these roles. Thus, the role model is being optimized step by step and is considering all existing organizational and regulatory requirements for access permissions.
With a one-time role definition, the task is not done. Permanent changes require the roles and the superior role model to be easily and quickly adaptable to new job characteristics, IT applications and regulatory frameworks. The Role Mining Software must therefore support efficient Role Life Cycle Management.
Complete transparency in authorization management.
Role Mining is a powerful analyitcal tool that quickly gives you an overview of your existing permissions and their groupings. The Ventum Role Mining Tool delivers the results in various formats and visualization options (matrix form, lists, heatmaps or graphs), allowing the results to be analysed quickly and in detail, as well as from several perspectives.
In this project the number of user and privilege combinations was significantly reduced by using the role mining tool (27%).