The creation of business roles within IT will ensure that professionals will be better equipped in their positions.
Brian Cleary, vice president of products and marketing at Aveksa, claimed that there is a real issue in changing management competency as organisations are struggling to keep with the pace and they need a collaborative approach.
Cleary said: “How do you make a business aware? IT organisations need to create a business role; this role then becomes a container to bridge the business gap. They need to contain what business applications are needed to contain.
“We want IT security to become process facilitators and orchestrators and not to become the bottom line. The business needs to take ownership of what people have access to because they understand what users should have access for and what they can do, what they should and should not be able to do based on their business role. The access governance process should support validation, segregation of duties and prevent access that is inappropriate.”
He also claimed that with the ability to spot and identify who does not need access, inappropriate access can be cleaned up and orphaned accounts can be spotted. He also said that with this authority they can precipitate product activity, as currently an IT organisation cannot own that, and the business needs to own that and they need to know what control requirements a system needs.
This will then set up a process that identifies business roles, what containers of access it has.
Cleary said: “Technology looks at the compliance problem but organisations that do not have change management in place will make some mistakes again. We need to bridge a language gap where IT knows what is happening.
“If you want access, you can request it based on your role. You can demonstrate which access was allowed and when it was revoked. You can set dates for when access ends and send a notification that says access will be revoked.”
Cleary concluded by claiming that the IT manager needs to become more of a process facilitator and administrator as they are ‘in the process to facilitate'. He also claimed that there needs to be a common language between IT and business, and that the communication barrier has to be overcome.