This page contains a single entry from the blog posted on July 27, 2007 11:04 AM.

Provisioning factory

One of the things I have noticed is the fact that while many large enterprises have deployed provisioning systems, the actual number of the enterprise applications integrated to the provisioning system is low. This blog will discuss the reasons for this and a solution I call the "Provisioning Factory".

So why is it so common for so few applications to be integrated into the provisioning system?
* A prior management belief that the "provisioning product" will somehow miraculously integrate the applications
* Lack of a dedicated management/implementation team focussed on integrating applications (often this is just one of many responsibilities an IT team has)
* Lack of communication and understanding of the line-of-business processes and problems that automatic provisioning might solve
* Challenges and costs in creating connectors to various applications (especially home-grown ones)
* No business process people on the provisioning team, only technical experts
* Lack of testing environments for the provisioning process (limits throughput)
* Few or no tools to help educate application owners on why integrating with a provisioning system is a good idea
* Lack of a budget to integrate applications

Does this sound familiar in your enterprise? If so, then it's time to create a "Provisioning Factory Model".

The place to begin is with senior management. They have to be educated as to the business benefits, security benefits and process improvements gained by widely deploying a provisioning factory model. There has to be a commitment by senior management to support a wide integration as well as to provide the necessary budget to accomplish this. All too often senior management has been sold a bill of goods for provisioning without the proper budget and support system in place to actually accomplish the goal once the initial implementation is done.

The management team then needs to make a list of the top 100 applications that need to be integrated. These applications need to be graded on the type, time and cost of developing connectors, the business process changes, the business unit buy-in to this process, the application owner's buy-in to this process and the type of testing required.

Next it's time to create three to four business process streams for the provisioning factory. One stream is for applications where connectors already exist and for which little change needs to be done to the workflows and the roles. Application owners need to be provided with on-line resource materials telling them what the process will be and answering questions about test environments, who to contact, etc. Their "speed" through the factory should be very quick.

Another stream needs to be in place for applications where there is a connector but for which business process reengineering is required and/or role-based access control changes need to be put in place. Depending on the provisioning tool you use, you may need to do more or less work to discover which roles and identities are using the application. The application owner needs to fill in an on-line form that asks them all sorts of questions about their users and current business flows for on- and off-boarding. Then a team provisioning expert needs to contact the app owner to examine the work required.

There also needs to be a stream created for applications which don't have a connector. This stream will have several sub-streams. After filling in an on-line form, the app owner will be contacted by a team provisioning expert. One sub-stream will exist for those apps which can be quickly integrated with little work. Other sub-streams will exist for those apps which require business process engineering or role-based access control, etc.

The team needs to prioritize their work. Some of the work may be out-sourced to lower cost providers (e.g. connector development).

The team needs to have experts in connector development, business process re-engineering, security, testing and change management.

By applying this factory model to provisioning, it is possible to integrate hundreds of applications per year.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com