I wrote a white paper last year to articulate my company's vision and capabilities in the identity and access management segment of the IT industry. (Now, Gartner and other folks are calling this category "Identity Governance and Administration," and I'm sure there are great reasons for doing so -- none of which I'll debate here.)
Called "Roles & Rabbit Holes," the paper makes the point that the access that workers within any given enterprise have to company technology systems and databases should be limited, for security and compliance reasons, and those limits should be governed by business policy. Furthermore, there are technologies (such as RES) that can implement those policies, allowing them to govern access in a way that adapts to the constantly changing context of the worker. (By "context," I mean: the device they're using, their network connection - private or public - their physical location, and other information.)
Doing so requires the crunching of a massive amount of data and, as a writer, it challenged me to find a simple way to convey how RES introduces order to what may seem chaotic.
Metaphors are purpose built for this, but coming up with a suitable one requires a moment of gestalt -- and such can sometimes be elusive.
In this case, an idea did present itself: an identity tree. Now such trees are commonplace, but they're typically used to describe an individual's identity: certainly far from the context that I wanted to establish. After some thought (and furious keyboard tapping), however, a picture emerged of how each worker's identity attributes -- their technology, user experience, context, security, and attributes -- can be harnessed to manage their system access in a very powerful, dynamic way.
I think it worked out pretty well -- but then, I wrote the thing and can be accused of bias. No matter. You'll find it here: page 4.
Did I hit the mark? Comments welcome....
Post a Comment