Authentication software specialist Courion introduced June 12 a product aimed at helping companies automate the process of defining IT systems access privileges.
Dubbed Courion RoleCourier, the so-called roles management solution promises to help simplify provisioning work by allowing companies more leeway to create and manage end-user access roles based on their specific business needs. The authentication software also features new tools for modifying, deleting, reviewing and analyzing access roles and policies.
Federal data access compliance regulations such as the Sarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act) are pushing companies to reinvest in their authentication and roles provisioning systems, said Kurt Johnson, vice president of corporate development at Courion, based in Framingham, Mass. Fearing auditor demands for in-depth proof of segregation of worker duties and access to information, customers are looking to add new tools to help define and manage those roles, he said.
"Complexity has hurt companies ability to deal with this problem, but we believe that automating the provisioning process can help customers move faster and drive roles creation using their real business demands," said Johnson. "Some people view the whole idea as impossible based on the variation of their business; by getting the business managers more involved in how authentication rights are managed, the process can be achieved a lot more effectively."
Courion is specifically betting that it will help pull the needs of IT administrators and business managers more closely together in relation to compliance by giving each group an equal amount of input into how access privileges are defined and handed out. In the vertical markets where compliance has had the greatest impact, such as the financial services industry and medical field, there are extreme demands on organizations abilities to offer and secure IT systems access to workers, partners and customers, he said.
"The truth is that some of these organizations will never have specific roles for some of these people, but weve been saying for years that you dont really need roles for provisioning, you just need a smarter way to define access privileges," Johnson said. "Some sort of banking analyst may be hard to define, but bank tellers tend to do the same things; its also a matter of creating hierarchies, and thats where automation can really help."
One organization working with Courions provisioning tools and facing such a complex set of demands is Childrens Hospital Boston. The hospital must figure out a way to grant access to a sophisticated and constantly evolving network of full-time employees, associated physicians, students, researchers and business partners.
Paul Scheib, chief information security officer at Childrens Hospital, said that weighing the daily demands of providing IT systems access to health workers while not prohibiting their work, along with improving overall security, remains no easy task.
"We realize that this is a job that will never be completed, but hopefully it can become easier, and technology is helping that," said Scheib. "The truth is we are still emerging from a culture where everything was on paper, and this access issue is one of the major obstacles the health care industry has faced in making the change to electronics documents and other systems."
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.