Home Products Solutions Partners Customers News & Events Resources Corporate Contact Us
Read a Customer Story
Download a Brochure
5C�s of Role Management
Request More Information
Sign Up for Announcements
Request a Demo
Enterprise Role Management
Role-based Identity Management
Entitlement Compliance Management
Privileges Quality Management
Identity Management Preparation and Gap Analysis
Eurekify Sage Survey
Single Platform Solutions
�We have used Eurekify's Sage to build a few roles for thousands of users. It is clearly an easy method to create roles and maintain them�, Peter Zuenti, Consultant.
�Sage Discovery and Audit provides a quick and easy insight of the authorizations within a company�s infrastructure. Sage helps customers realize the benefits of RBAC�, Koos Jennekens, Senior Consultant.
�Sage provides instrumental tools for managing Roles. With Sage, our customers can very simply and quickly add new Roles or modify current ones according to organizational demands�, Franco Rasello, CEO.
�In order to control user permissions as well as being compliant with regulations, the Identity Management solution alone is not enough. The right way to start with a provisioning solution should be optimizing Roles�, Franco Rasello, CEO.
"In my experience, role-based management is critical for achieving the true benefits and ROI of Identity Management implementation.", Marc Sel, Director - Security Solutions, PwC Belgium.
�We have made incredible leaps forward by applying Eurekify technology to speed up the process aimed at pinpointing user profiles and roles�, Rob Bus, Managing Director.
�Sage is the perfect tool for assessing specific needs within a large organization. It is also important for attaining administrative efficiency, reduce employee downtime and to improve security�, Ophir Zilbiger, CEO, Secoz Ltd.
�Role definition applications can significantly reduce the cost of the process (by 40-60% according to a leading systems integrator). To our knowledge, Eurekify and Beta Systems are the only vendors in this space.�, Michael Tieu and Andrey Glukhov.
�From Years of experience in implementing enterprise user administration systems in large environments, we strongly recommend a structured and business-aligned approach to the implementation method...�, Jesper Oestergaard, CEO.


Enterprises have always struggled with keeping privileges to their IT systems in good order. With millions of access rights, this has been very difficult, especially during periods of restructuring, and whenever new applications are introduced. A recent survey shows that most organizations believe that at least 20% of their privileges are incorrect. As a result, organizations experience

  • Lack of control over privileges – it is difficult to respond to simple questions such as who is allowed to do what, and why
  • Significant security issues – wrong privileges are an open door to improper use
  • High costs of  privileges administration – It is very difficult to manage up to 50 privileges per user, on a variety of systems and platforms
  • Lower level of service to business users – it takes more time to provide accurate access to legitimate users

Most enterprises today consider Role-based Access Control (RBAC) -- the management of IT privileges in accordance to business roles -- as best practice and as a solution to the privileges quality and control issues. In a role-based environment, 500 roles may replace  a million individual access rights, making it easier to manage and maintain. Furthermore, roles correspond to business practices, and as such enhance collaboration between business and IT.

Since 2002, Eurekify has pioneered the use of role management as an independent enterprise paradigm, as well as for Identity Management and Compliance projects, as well as for the management of privileges in various enterprise platforms.

The Need

Enterprises wish to align IT privileges with Business Roles

  • To gain control over privileges and ensure that they are granted based on business needs
  • To respond to regulatory requirements (such as Sarbanes-Oxley, HIPAA, Basel II, Gramm Leach Bliley, etc)
  • To enable effective deployment of Identity Management and Automated Provisioning systems
  • To reduce exposure to misuse and other security risks
  • To increase productivity and responsiveness of security administration teams

The 5Cs of Role Management

Customers and analysts have defined the 5 main capabilities (5C’s) that are required from an Enterprise Role Management solution:

  • Control – Quickly gain enterprise-wide view of “who’s doing what and why
  • Create – Rapidly build a role based model according to business needs, and then continuously adapt it as the business changes
  • Comply – Promptly comply with policies and regulations, prepare for audits, and certify by auditors and business managers… as they change
  • Correlate – Continuously correlate privileges to detect inconsistencies, exceptions, or changes in model, assisting all stakeholders all the time
  • Collaborate - Provide IT and business managers a collaborative environment to review, certify, and manage violations and conflicts between existing privileges and stated policies, and to analyze risks

Key Deliverables of Eurekify Sage ERM

  • Review and query privileges immediately. Covering any and all systems and applications, at any level of granularity.
  • Create and/or critique a role-based privileges model more quickly than with any other tool or methodology.
    • Use Eurekify pattern recognition technology to automatically discover business and IT roles and rules, or to design and refine roles based on business analysis.
    • Top-down and bottom up. Role-based and rule-based. Organizational, functional, project-oriented, applicative roles, and more
  • Automate periodical privileges review and cleanup processes. Identify, review, and track exceptional access based on a variety of pattern-oriented analyses.
  • Automate periodical verification and demonstration of compliance with segregation of duty (SoD) rules and other IT controls.
  • Automate periodical privileges certification/attestation processes quickly and easily. Business line managers can easily review and make requests over privileges of subordinates and/or privileges to resources they own.

Eurekify Approach to Enterprise Role Management

Eurekify Sage ERM is an analytical enterprise platform that enables collaboration between role managers and security administrators, business managers, and auditors

Eurekify uses a classical IT management cycle consisting of "assess, adapt, and approve" actions to create, and then to continuously maintain and approve the role-based privileges model. As part of this cycle, Eurekify's pattern recognition technology is first used to assess the current situation, then to assist in the construction of role definitions and/or ongoing adaptation of roles and of individual privileges, and finally to involve the relevant stakeholders in the approval and certification of relevant changes. This role management cycle is repeated continuously to assure that the role-based privileges model remains in sync with the business on one hand and with the IT systems on the other hand.

Role Management Cycle

Analytics are Critical to Effective Role Management

Eurekify's advanced analytical technology was developed based on our experience and in order to substantially improve the role management processes required to address the 5Cs. Without sophisticated analytics, many role management processes are very difficult, and may even be infeasible

  • Control – Without clearly mapping privileges, commonalities, and exceptions, one cannot be sure to gain control
  • Create – Without automated discovery of role candidates, role engineering is extremely laborious and error prone
  • Comply – Without automated identification of exceptions and violations, one cannot demonstrate compliance
  • Correlate – Without automated detection of changing patterns, as well as new inconsistencies, one cannot adapt to business changes, and cannot balance business and security needs
  • Collaborate – Without automated detection and highlighting of the most pertinent changes and exceptions, one is not empowering business managers, but merely setting them up with an impossible certification task

Back to top of Page

Identify your own IdM needs Prepare for IdM project & evaluate alternatives Make your existing IdM deploument Role-Based Audit existing privileges, roles and policies