Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


07:43 AM
Tom King, Chief Information Security Officer, Lehman Brothers
Tom King, Chief Information Security Officer, Lehman Brothers
Connect Directly

Lehman Takes Control Of Provisioning

Lehman Brothers found that managing the complicated process of provisioning and de-provisioning users requires consistent policies and an automated system.

Here's a scenario that's far too familiar. An employee is terminated, but continues to access vital information on corporate servers for days, stealing precious lead lists or worse, acting in the name of the company for personal profit. Meanwhile, a new user joins the company and waits weeks to get access to the right applications.

Even in an expanding economy, no company can afford such productivity losses - nor such risk. Yet very few large enterprises can prevent them. And for many companies, especially multinational ones, the problem is growing worse. As more corporate users turn to Web applications to access corporate data, managing user credentials and authorization has become "a management nightmare," Gartner Research said in a December 2002 report.

Most enterprises still address the provisioning and de-provisioning of users with a motley assortment of disparate tools in multiple locations, inconsistent and unenforceable policies, manual processes, and teams of system administrators. IT and security executives who look critically at provisioning processes and systems recognize their failings and can easily describe a solution: a secure and flexible global-enterprise provisioning system that aligns IT access with overall business goals.

Actually implementing such a system can be a daunting task, but we've done it at Lehman Brothers. We think our success is based on four critical but often overlooked steps:

- Building a solid business case.

- Combining a detailed list of requirements with an on-site proof-of-concept plan.

- Creating a complete user database and set of business rules before beginning development.

- Clearly demonstrating the significant benefits of the system to head off any resistance to adoption.

1 of 6
Register for Wall Street & Technology Newsletters