Author: Melanie Sommer

This is the first post in a new blog series by Steve Mowll and Chris Williams - ENJOY!


POINT: NEWS FLASH identity management people, HR is not here to feed you with identity data!
Steve Mowll, Systems Engineer, RSA

Identity management teams may believe it is the human resource (HR) department’s responsibility to be an identity management provider. Unfortunately for IT, or fortunately for HR, it is not their job.

HR is a business function tasked with finding and retaining the top talent for a company. They guide new employees – orientating them, helping them achieve career goals and ensuring that payroll and benefits function correctly. For this, they interact a great deal with, and are aligned to, the overall business. NEWS FLASH identity management people: HR has a view into employee data, but they are not here to spoon-feed IT with the employees’ identity data!

If IT approaches HR in this mindset, the conversation will end poorly. Getting off on the right foot at the start of any project is key to a successful and productive relationship. That’s why we urge you to think differently if you want to use HR data for your identity management system. Here are a few tips:

  1. Involve HR colleagues at the beginning of an identity management project and identify an HR executive stakeholder.
  2. Understand the end-to-end HR processes and data, but make sure you also understand each process’ intention and purpose, not just the flow or process itself.
  3. HR works with the lines of business to define their processes and data. Get involved in the business conversations and relationships that your HR team has. You will have a very hard time making identity management relevant to the business if you don’t.
  4. Understand the value you can add to the HR team and their mission. This is not just about creating and securing access. It’s about getting employees productive from day one. And, it’s about making sure they have the ready and appropriate access to the systems and applications they need to do their jobs.

Lastly, regardless of how hard things get, I warn you, never mention Catbert, the evil HR manager!

COUNTERPOINT: HR data is a good resource, but combining highly-descriptive data about people inside and outside of the IT stack can create a more accurate person-record.
Chris Williams, Advisory Architect, RSA

Catbert isn’t evil…he’s just misunderstood. Or, is he?

Years ago, before applications became capable of understanding who their authorized users were, most organizations managed a single repository containing “who a person is” and “what is their business function.” Of course, the repository owner was Human Resources. By its very nature, it’s a fantastic facility for all types of people-data: positions, managers, departments, salary, performance, and so on.

Today, many IT organizations are finding complementary, highly-descriptive data about the people inside and outside of their IT stack. Think of all the directories, databases, applications, and enterprise resource planning (ERP) software within your business. Now, add all the external partner, social, and hosted/SaaS services containing people-data. Combined, this data can be used to create a more accurate person-record, while reducing the impact against HR to attain, maintain, and provide that data. The trick is to not manage too much data.

If we apply a few rules about descriptive and relational data learned from infrastructure management projects (think configuration management databases used in an IT Service Management program), we know that we can select (federate) which “attributes” of a person we want to use, and then populate that within a unified person-record within an identity management solution. In this manner, the identity management solution becomes a living system of truth. With that said, there are a few things you should keep in mind when building a federated identity management record set:

  1. Keep it simple – don’t overthink how to collect the data and utilize a base data exchange model – but make sure you still protect the data in transit.
  2. Only take what you need – like most data warehouses, the collected information can easily become too large and too difficult to manage.
  3. Have a plan to utilize the data – think about how a person’s attributes will be used to describe who they are, what access they should have, how it helps build roles and rules, etc. Although it may better describe a nuance about a person, if it doesn’t drive a specific access requirement, then you don’t need it.
  4. Leverage what already exists – you will likely find the data you need without having to go to HR directly. Payroll, corporate directories, organization charts, etc. can all provide very rich data sources. If there are complete records, then grab as much as you can, thus limiting how many unification sources are needed to build a “complete record.”

Moreover, information security teams can rely on a current unification of the best attributes from the best descriptive data sources – whether they are from IT, HR or a combination of both – comprising the definitive answer to “Who are my users?” And, Catbert won’t be upset with us each time we need a new report.

Watch this video to see how RSA Identity Governance and Lifecycle is helping Ameritas to streamline access delivery and user lifecycle management for employees while improving audit performance. (NOTE: Via Access is now RSA Identity Governance and Lifecycle)

This was a blog published by Jim Ducharme on Feb 13, 2017.


We are at the edge of yet another evolution for the Identity and Access Management (IAM) industry. Applications are being deployed at incredible speeds with user populations demanding access from wherever they are, whenever they want, from any device. The network is no longer clearly defined; in fact, identity is the new perimeter. Regulations and compliance demands are still present, and always growing, as are the external threats. The hackers are getting smarter and they have homed in on identity as the best way in – yes, identity is the most consequential attack vector.

As a result, identity is the most important entity to manage, control and vigilantly defend. But not at the cost of slowing down innovation or growth. Users are frustrated and feeling overburdened, IT is losing control and business growth is being hindered.


What is your IT security team to do? Continue business as usual? Try to do the best you can with what you have? Make end users and the business clear more hurdles to deploy their new initiatives and applications?


We think not. At RSA, we want to help you accelerate your business without fear. To replace fear with confidence. To make identity easy, not risky.


Remember when you were young? You approached the world with hope, optimism and imagination – you were not bogged down by insecurities and skepticism. You believed you could be anything you wanted to be if you just did a little hard work.


With a fresh take on your identity and access management strategy and technology, you can get that child-like ambition and freedom to innovate back again. RSA is challenging you to evaluate how you are approaching the areas of identity governance, identity assurance and lifecycle management. What worked a few years ago may no longer serve you well as you strive to meet the needs of today’s modern workforce.


Enter RSA SecurID® Suite.

RSA SecurID Suite is the industry’s trusted source for multi-factor authentication, a leading provider in the identity and access governance market, and provides business-driven security solutions for over 25,000 organizations today. We are well known and highly regarded for our tokens, but we’re much more than the token company. Our innovations in identity and access assurance (such as risk analytics and context-based awareness) give you the ability to prioritize, to analyze, to act with insight, and to deliver convenient and secure access in a world without boundaries.


Deliver Secure Access in a World without Boundaries with RSA SecurID Access

RSA SecurID Access, the industry’s most advanced identity assurance solution, gives your users convenient access and the ability to innovate, accelerate and collaborate. And, it ensures that people are who they say they are, giving you the ability to prevent identity risks from becoming a drag on your business. Today we announced three new editions and flexible configurations to meet the needs of your modern enterprise. Learn more here.


Bring Identity Risk into Focus with RSA® Identity Governance and Lifecycle

RSA Identity Governance and Lifecycle solutions protect your business from the identity and access risks that arise in today’s boundary-less world and enable your dynamic user population to get the access they need when they need it. With RSA Identity Governance and Lifecycle, you can react to the ever-changing identity risks, quantify your ability to mitigate them, and act with insight. We have seamlessly integrated our solutions with RSA Archer®, the industry’s leading business risk management suite, to help customers confidently advance their command of identity risk with a holistic, active view of risk across applications, users and their entitlements. Learn more about RSA Identity Governance and Lifecycle.


Are You Ready to Reimagine Your Identity Strategy?

See what RSA can do for your organization. We are here and ready to help you take your business to the moon – if that’s where you want to go.
