By Allan Radding

Creating effective and efficient identity management competencies requires more than just the input of the IT department. This is, in part, because a single employee can hold many roles as he or she moves from task to task during the workday. With CIOs increasingly focused on governance and compliance auditing and reporting, identity management solutions need to play a broader and more strategic role to help build competencies while supporting business growth.

To effectively manage access to enterprise systems, applications and resources, CIOs need to understand each role and responsibility within a company, and the impact these virtually intangible influences have on the organization and its IT infrastructure — both software and hardware. What's more, this information must be accurately maintained and updated as employees are hired, leave the company or shift roles.

It's not a job that CIOs can hand off to Human Resources, either. "HR really has only a static definition of what a person does," says Bill Mann, a Senior VP at CA. "Typically, HR doesn't know what a person really works on at any given time, and they shouldn't have to." Herein lies the challenge of role lifecycle management.

Costly Roles
At one large manufacturing company, that simple fact delivered a big surprise. The organization, which has approximately 40,000 employees, was trying to maintain more than 80,000 roles. This quickly became a tedious and unmanageable task. What's more, the CIO knew there were direct and indirect costs associated with the company's existing role management infrastructure. Needing help, the CIO and his team looked to Deloitte & Touche LLP (Deloitte & Touche). "It was obvious they needed to step back and look at the entire role management lifecycle process, since the misalignment of roles was causing broader security and compliance issues," says Deborah Golden, Principal in the firm's Enterprise Risk Services, Security and Privacy practice.

Ultimately, the organization leveraged Deloitte & Touche's Role Management for the Enterprise (RM4E) approach for role lifecycle management. At the same time — in an effort to enhance and automate the process itself — Deloitte & Touche integrated CA's Role and Compliance Manager (RCM). The integrated solution provides the organization with effective methods and technologies to better manage the excessive proliferation of roles, which had compromised access control and security.