David Lacey writes on his IT Security Blog about “the elephant in the room” problem of organizing and managing user access to computer systems in large, dispersed organizations. It’s “a problem,” he says, “that is highly significant, but difficult to tackle so business is reluctant to acknowledge it. If it wasn’t for compliance and internal audit the situation would be even worse.”
None of the theoretical access models that have been developed “over the years” are really up to the challenge, Lacey feels. “The end result is that it doesn’t get done properly. Instead we fudge it. We do the minimum we can to keep it going and rarely get around to developing the rich policies, knowledge base and streamlined processes needed to build a sustainable, effective access control system.”
Looking for an opportunity, Mr. or Ms. High Tech Pro?