Couches or Concrete

Bought any furniture lately? It can be a long and involved process. Viewing many different options, different styles, different colors. Some spend a lot of time looking for the best fit for your needs, then a special someone will “suggest” the items you ultimately end up buying. But, I digress. Back to the choices.

Should you purchase a chair or chairs? Couches? Tables?

Regardless of what you’re looking for, there is one constant that exists between your search and that of everyone else shopping for furniture: you have someplace to put it. Somewhere along the way, you’ve figured out where in the house it’s going to go.

Ah, the house.

The house was built before you got the furniture to put in it. The foundation, the walls, the windows, the roof, the plumbing. All that was built before you got the furniture. And, it was built in a particular order. You don’t put a window on an empty lot. You dig the hole for the foundation, pour the concrete, erect the floors, then the walls, etc.

The house can be livable without furniture, but furniture is part of what turns a house into a home. The furniture makes the house more useful, but the house enables the furniture to be used. Plus, furniture is the flexible part of the house. You can move it around, put covers on it, take it different rooms, combine it with other furniture. Eventually, you can start to add more furniture and get rid of others you’ve had for a while that don’t work any more. The use and possibilities are endless.

Think about it. RBAC is the furniture in your Identity Management house.

RBAC is not, or at least it shouldn’t be, the first thing you implement in an IdM solution. There’s a lot of infrastructure that has to go into place first.

First, you need requirements. What is your IdM solution going to look like? What do the users want? These are your RBAC and IdM blueprints. Developing sound business requirements and getting the users approval on them is critical.

Next are the policies that govern your information security practices. This is your concrete foundation. Without this solid basis to build on, any solution, either manual or automated, will slowly fall apart.

Then come processes to support requesting IDs and their access, reviewing the access, changing the access and removing the IDs and access. Again, these can be automated or manual, depending on the size of your business and maturity of your IdM solution. This becomes the walls, plumbing and wiring of your IdM house.

Next, the data. You’ll need a lot of data. There are different kinds of data that will be critical to getting off the ground. Information about your users & identities and the resources to which they can have access will form the basis for implementing RBAC. The data becomes the water and electricity that flow through your IdM house.

Lastly, you can now acquire your IdM furniture and implement RBAC.

Still not convinced that role-based access is not your IdM house’s furniture? Have you ever heard of a “rug rat”, an “armchair quarterback” or a “couch potato”?