Accelerating the Deployment of Security Service Infrastructure with Collective Intelligence and Analytics

With the increasing complexity of IT outsourcing environments thousands of servers and their configurations are increasingly managed by globally distributed teams. This requires a flexible identity access management process in place to efficiently provision necessary access rights for a given system, only if users need it, when they need it and for only as long as they need it. In this paper we present a novel approach to discovering required role permissions by integrating system data and enterprise crowdsourcing (a process where a group of experts solve problems through collaboration). By mining server registries, compliance repositories (such as user revalidation records), we derive a set of servers and the respective access rights for each team member. This data is then validated and updated by one or more team members using the principles of crowdsourcing. We show that this approach improves the role discovery process and accelerates the deployment of the security service infrastructure.

By: Maja Vukovic, Christopher Giblin, Sriram K. Rajagopal

Published in: 2012 IEEE International Conference on Services Computing (SCC), Los Alamitos, CA, IEEE Computer Society, , p.625-32 in 2012


This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.


Questions about this service can be mailed to .