Here's a scenario that's far too familiar. An employee is terminated, but continues to access vital information on corporate servers for days, stealing precious lead lists or worse, acting in the name of the company for personal profit. Meanwhile, a new user joins the company and waits weeks to get access to the right applications.
Even in an expanding economy, no company can afford such productivity losses - nor such risk. Yet very few large enterprises can prevent them. And for many companies, especially multinational ones, the problem is growing worse. As more corporate users turn to Web applications to access corporate data, managing user credentials and authorization has become "a management nightmare," Gartner Research said in a December 2002 report.
Most enterprises still address the provisioning and de-provisioning of users with a motley assortment of disparate tools in multiple locations, inconsistent and unenforceable policies, manual processes, and teams of system administrators. IT and security executives who look critically at provisioning processes and systems recognize their failings and can easily describe a solution: a secure and flexible global-enterprise provisioning system that aligns IT access with overall business goals.
Actually implementing such a system can be a daunting task, but we've done it at Lehman Brothers. We think our success is based on four critical but often overlooked steps:
- Building a solid business case.
- Combining a detailed list of requirements with an on-site proof-of-concept plan.
- Creating a complete user database and set of business rules before beginning development.
- Clearly demonstrating the significant benefits of the system to head off any resistance to adoption.