August 21, 2014

Why Role-Based Access is Fundamental for Enterprise Project Management


It’s safe to say managing projects at an enterprise level is a daunting series of tasks. The projects are often complex. There are typically many users. In addition to striving for organization and efficiency at scale, project managers and administrators must factor in the security risks inherent in managing such large teams. All of these challenges support the need to choose an enterprise project management platform with robust permission settings that fits into a role-based access framework.

For the unfamiliar, role-based access control is a model for scaling access to IT resources. Instead of creating a unique set of permissions for each user – a recurring task that would be a huge drain on administrators’ time – enterprises create permission standards for the role each user occupies in the organization. Users are still granted the access they need to effectively complete their tasks, while administrators don’t have to spend time micromanaging how each user interacts with the project management software.

But enterprise project managers are not just concerned with preventing users from disrupting the efficiency of the project; they must also factor in security. Given the amount of information shared across enterprise projects – not to mention the proprietary nature of this information – security is something enterprises must consider. The importance of such measures is an even larger concern given the growing popularity of bring-your-own-device (BYOD) policies.

In fact, one of the worst data breaches in recent memory resulted from a situation similar to BYOD. In 2006, the Department of Veterans Affairs’ database was breached after a VA analyst had his laptop and external hard drive stolen as a result of a home burglary. Through the stolen hardware, the thieves gained access to Social Security numbers, dates of birth, and disability ratings for some 26.5 million veterans and their spouses.

The VA estimates it cost between $100 and $500 million to prevent further damage and cover their losses.

While the theft of the analyst’s laptop was compounded by other security mistakes – for example, the information in the database was unencrypted – similar situations could happen to enterprise employees. Implementing a role-based access framework is just one piece of a larger information security framework, but an important one.

To make implementation of such security measures easier, many project management platforms targeted at enterprise organizations already include extensive role-based mechanisms. For example, SuccessFactors, an enterprise project management platform focusing on human capital management, has an access framework built into its software, which it has branded as Role-Based Permissions (RBP). SuccessFactors’s RBP is particularly robust in that it allows administrators to assign and customize permissions for each field, based on user groups. This makes it easier to quickly set up role-based access. User groups can be distinguished by a list of criteria that includes geographic location, department, division, job code, team view, and more.

Further, SuccessFactors differentiates permission access by roles, such as Managers, HR Managers, Matrix Managers, and so on. Managers with specific access can view permission reports that list all of the permissions granted to various user groups, and even to individual users. With this level of granularity, it’s important to thoroughly develop and vet a role-based access framework before it is implemented.

Most project management platforms – whether for enterprise or for SMBs – are now deployed in a Software as a Service format, which makes it simple for employees to gain remote access. While this access does offer benefits for the enterprise in terms of productivity and collaboration, it must be weighed against the potential for a security breach, which could lead to significant information loss.

Role-based access represents a foundational piece of any enterprise information security framework, making its presence in an enterprise project management platform paramount.
