Enterprise Role Management (ERM)

An identity and access management (IdAM) infrastructure should include abstraction layers for administering user populations and controlling access to resources. Effective and scalable administration, seamless policy enforcement, and increasing compliance requirements are strong drivers for administration staffs to leverage enterprise role management (ERM) models. ERM goes beyond the basic process of simply assigning user IDs and passwords; it's about putting users into manageable roles, each with specific access privileges.

ERM is based on the principle of role-based access control (RBAC), where access is granted not only based on an individual's unique access privileges, but also on those of the roles to which the individual belongs. ERM isn't tied to a single platform, and it operates at a higher level than a single system.

Description
Across a wide range of industries, InfusionPoints has made the mission of our clients "our mission," and we apply this in-depth understanding of client-specific objectives, resources, and constraints to support ERM mission requirements.

Our consultants specialize in developing ERM solutions to protect sensitive consumer, employee, and partner information without losing sight of cost and efficiency. InfusionPoints' teams provide the entire range of technical and management skills to support multi-level security systems, electronic key management systems, Identity and Access Management, and Internet-based solutions designed to support global-scale implementations. Services Include:

  • Role Based Access Control (RBAC) Modeling
  • Role engineering
  • Role mining and discovery
  • Organization and business role modeling and management
  • IT role modeling and management
  • Role reconciliation
  • Policy definition and management
  • Role and policy publication: Making this information available using standard interfaces for maturing ERM infrastructure.
  • Role integration with identity, policy, workflow, and authorization solutions
  • Attestation and compliance collection and reporting
  • Activity monitoring and correlation

Role discovery and implementation projects should be approached with a well-thought-out plan that clearly defines the project scope, assigns adequate resources, develops an architecture model, and includes ongoing lifecycle maintenance. The architecture model should define the guidelines for determining the mixture of roles, rules, and other policy constructs for a coherent implementation of security controls.

Our Full Lifecycle Services

We leverage our IT frameworks to infuse security into multiple points throughout our client's business solution lifecycle, by providing IT Consulting, Cyber Security and Technology services including:

From the Blogs

  • An Adventure in Cloud Security

    Feb
    08

    I recently registered for a website hosted by a government agency that handles some of the most sensitive personal information available within U.S. Government. While the site is only a simple scheduling system, imagine my dismay when I received an email confirming my registration that included both my username in password in the email body. That email demonstrates that, despite all of the reported attention to security over the past several years, especially within the Federal Government, we are failing to build an effective information security culture.

    Posted By Michael Figueroa read more

  • Google and Business Data Privacy

    Jan
    26

    As just about everyone who reads the news knows, Google announced on Tuesday, January 24, 2012 that it would merge the data it collects from individual users across all of its properties starting March 1, 2012. Basically, Google will be able to better anticipate how to direct individual user activities to best serve their needs, building a grand database of all user activity and behaviors. The question that few are asking, though, is what the impact will be on businesses. That's where things get really complicated.

    Posted By Michael Figueroa read more

  • More evidence that Multi-Factor authentication is no Panacea...

    Jan
    16

    I've always been a strong proponent of the judicious use of strong authentication. Due to the government's push to introduce smart cards (known as HSPD-12), and industry standards like PCI, multi-factor authentication is becoming increasingly common for certain system access scenarios across a wide range of organizations.

    Posted By Jason Shropshire read more

Pages

InfusionPoints, Your Independent Trusted Advisor

We founded InfusionPoints to be our clients' first choice for an independent trusted partner to build secure systems that protect their employee's, partner's and customer's data