One issue that regularly separates the IT department from the business is the fact that the end users need the IT department to provision access to specific files and applications. This, in turn, puts a lot of pressure o the IT department because in all honesty, the people in the IT department are not savvy enough about the business to rightfully determine who should have access to what.
As noted in an earlier post, the end result, all too often, is that someone gains access to information they shouldn't have, and then everybody stands around and blames the IT department for letting this happen.
The good news is that we're finally making some real progress on allowing the business users to self-service their own applications. This may not solve the problem of who has the right to access what, but it does push responsibility for determining who should have access to what information back to where it belongs, on the business side. It's the responsibility of the IT department to deploy and manage these applications, but it should really be up to the owners of those applications within the business to decide who should ultimately have access to them. The reason this hasn't taken place is that it's been too complex for business people to do that for themselves, so they needed to call on somebody in IT to do it for them.
But now we're starting to see a raft of vendors making it easier for business users to provision their own applications. Citrix has rolled out a self-service Dazzle application store. Aveska has created an application governance framework for business users. SailPoint has a similar capability in its access control platform and Quest Software has released ActiveRoles 6.5, which now includes a graphical workflow model that makes it easier for business people to assign application access rights to end users.
What all this means is that IT can step out of the process of managing who has the right to access what information. All IT needs to really do is deploy and manage the application, and then create a facility through which the business side can easily assign somebody to manage the process of giving people access to applications via a tool provided by IT.
Given the fact that people in the IT department spend an inordinate amount of time handling change requests for application access, the fact that business people can now do this on their own should come as a welcome relief.