Dynamic organisations need to consider role life-cycle models
The main goals that companies want to achieve in security administration are enhanced security at a low cost, while coping with the challenges of an increasingly complex IT environment. A high level of security is important to prevent possible losses through fraud and unauthorised disclosure of confidential information. Internal audits often encounter severe security weaknesses which oblige the IT security department to take appropriate countermeasures.
An increasingly dynamic economy is an additional challenge within this context. The most important issues here are the rapid growth of companies, large-scale mergers, the ubiquity of the internet and continuous organisational change.
As most companies intensify their business over the internet, they are dealing with very large numbers of users. A large insurance company, for example, estimates the number of customers who will have access to its IT resources via the internet during the next three years at some 20 million. Of course, such numbers cannot be administered manually.
Many mergers between large enterprises have taken place in recent years, and most likely more will follow in the near future. Such mergers normally involve the integration of both different IT infrastructures and different organisational structures, thus increasing their complexity and their user population.
The role life-cycle
The life-cycle of a role provides an abstract description of the structured, methodical development, modification and maintenance of roles in role-based systems.
The role life-cycle as we perceive it is based on our previous literature analysis and on practical work with roles during the implementation of the Security Administration Manager (SAM) in large enterprises.
We identified the four stages of:
- role analysis,
- role design,
- role management and
- role maintenance.
Role analysis is the activity of identifying roles as they occur within the target domain in which the system will be placed.
While role analysis is mainly targeted at acquiring knowledge about the current organisational context of a role, role design has to convert this knowledge into concepts that can be used by the later system. This process includes the mapping of roles and design of roles for later administration.
By role management we understand the routine role administration within an organisation. Role management builds on an existing role model and requires the role design phase as described above as a prerequisite.
Organisations are subject to a continuous change process. The reasons for this change vary; examples include mergers, acquisitions and business process re-engineering activities. A role structure which was designed and implemented is unlikely to stay unchanged for a long time. By role maintenance we understand changes in the chosen role concept. Such changes occur if, for example, the geographic structure of an organisation which is used as part of the role hierarchy is at some point no longer regarded as useful for this purpose. Role maintenance activities comprise changes in the mapping of organisational structures to roles and changes in the definition of user-role and role-permission relationships.
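The geographic-hierarchy change described above can be checked for its effect on users before it is deployed. The following is an added example, not code from SAM or from the authors; the role names, permissions and users are constructed, and the dictionary layout of the role model is an assumption.

```python
# Added example: constructed role model, not taken from SAM or any product.

def effective(model, user):
    """Permissions a user holds through assigned roles and inherited roles."""
    seen, stack = set(), list(model["user_roles"].get(user, ()))
    while stack:
        role = stack.pop()
        if role in seen:
            continue  # already visited; also guards against hierarchy cycles
        seen.add(role)
        stack.extend(model["inherits"].get(role, ()))
    return {p for r in seen for p in model["role_perms"].get(r, ())}

def maintenance_impact(before, after):
    """Per-user permissions gained and lost by a role maintenance change."""
    report = {}
    for user in sorted(set(before["user_roles"]) | set(after["user_roles"])):
        old, new = effective(before, user), effective(after, user)
        if old != new:
            report[user] = {"gained": sorted(new - old),
                            "lost": sorted(old - new)}
    return report

# Before: geography is a level in the role hierarchy (constructed data).
BEFORE = {
    "inherits": {"clerk_north": {"clerk"}, "clerk_south": {"clerk"}},
    "role_perms": {"clerk": {"claims:read"},
                   "clerk_north": {"claims:approve"},
                   "clerk_south": set(),
                   "auditor_north": {"audit:read"}},
    "user_roles": {"alice": {"clerk_north"}, "bob": {"clerk_south"},
                   "carol": {"auditor_north"}},
}
# After: the geographic level is dropped and its permissions are merged
# into "clerk"; carol's assignment still points at a role that is gone.
AFTER = {
    "inherits": {},
    "role_perms": {"clerk": {"claims:read", "claims:approve"}},
    "user_roles": {"alice": {"clerk"}, "bob": {"clerk"},
                   "carol": {"auditor_north"}},
}

if __name__ == "__main__":
    for user, delta in maintenance_impact(BEFORE, AFTER).items():
        print(user, delta)
```

Here the merge silently gives bob an approval permission he never held, and carol loses access through a stale user-role assignment; alice is unaffected and does not appear in the report.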
Continuous change process
Organisations are subject to a continuous change process. The reasons for this change vary; examples include mergers, acquisitions and business process re-engineering activities. A role structure which was designed and implemented is unlikely to stay unchanged for a long time.
In an iterative-incremental development process, these steps are not performed once in sequential order. Instead, after having defined the basic role structure, analysis and design will be performed incrementally in cycles for different areas (e.g. a specific organisational unit). Normally one area will be designated for a prototypical cycle which is used to show the validity of the design so that corrections can be made before the complete deployment of roles in the whole enterprise. Afterwards, additional development cycles will be performed for the other areas.
The design is validated early after implementation in a small part of the enterprise so that in case of problems it is not necessary to redesign the complete enterprise role structure. Having implemented roles for one area, these can already be used productively so that easier administration and automation lead to a return on investment at an early stage in the role development process.
Roles are a powerful and policy-neutral concept for facilitating distributed systems management and enforcing access control. Models which are now on their way to becoming a standard have been proposed, and much work on extensions to these models has been done over recent years. When looking at these extensions we can often observe that they concentrate on a particular stage in the life of a role. We investigate how these extensions fit into a more general theoretical framework in order to give practitioners a starting point from which to develop role-based systems. We believe that the life-cycle of a role could be seen as the basis for such a framework, and we provide an initial discussion of such a role life-cycle, based on our experiences and observations in enterprise security management. We propose a life-cycle model that is based on an iterative-incremental process similar to those found in the area of software development.