A Simple Explanation of Access Governance
- 15 November, 2016 07:50
Where is access governance? Everywhere. This is the next step forward in the evolution of what to this point has been known as the identity and access management sector; the coming and future leader of the sector.
Access governance is a different breed than traditional identity management solution. Access governance is more comprehensive and more capable than what we’ve seen in the past. When needing to manage user rights, permissions and peering into the heartbeat of an organization, access governance is the solution for being able to do so.
Access governance technology, clearly the emerging IAM trend for the foreseeable future, is allowing organizations the ability to take a deep dive into the entire goings on. Access governance is the ability to govern who has access to what within an organization and is generally considered much stronger than previous access management protocols since governance implies that the control of access is driven by policy and procedure.
There has been a great deal of advancement and evolution in access and identity management sector in recent years, and as security, automating operations and managing compliance and audits is now more vital to an organization’s survival, there has been far less visibility for those leading these efforts, until now. In a sense, the visibility provided into an organization through identity management solutions simply is not there across all systems.
Users of IAM solutions are discovering that they need more visibility into who can access their key resources and how, if for no other reason than to secure their organization and review use chains in the event an audit is needed; they need additional layers of data so they can measure the outcomes and impacts of who might be doing what when to the organization’s information.
To use somewhat unfavorable colorful pop culture references, access governance acts a bit like big brother so that if an IT leader wishes, he or she can essentially see everything that is taking place throughout an organization. Or, to mix metaphors, IT leaders are beginning to agree with their healthcare counterparts: prevention is often the best medicine.
Access governance provides a broader level of oversight and accountability than is typically afforded to system administrators. Every part of an employee’s history can be tracked, organized and managed. Via Active Directory, for example, access governance means managers can view all accounts from a single vantage point. What this means is that IT managers can pull together and organization’s information, such as who has accounts on what systems, when those accounts were last used, what the accounts enable the account holders to do, and who has responsibility for approving the access provided, all while making it accessible and viewable from one place.
From there, IT leaders can spot vulnerable accounts and cases of excessive access -- and determine what to do to resolve any potential issues found. IT leaders also have a basis from which to perform periodic effective account reviews and to make ongoing decisions about who should retain, lose or be granted access to solutions or solution sets.
Access governance technology allows for tracking accounts on all kinds of systems: databases, shared file systems, data centers, access control, backups, passwords, network devices and printers. The larger and more complex an organization is, the more difficult it is to control everything in the organization. The goal of access governance is to provide that view and control in a way that is easy to manage.
Access governance systems also show a point of view from every system, an overview image that can be taken to the granular level if required. In so doing, you can review accounts on particular systems or applications and you can examine individual employees and review their access to various resources. Users can schedule access reviews and then track when they are complete.
In some cases, users can automate account closures and access requests, making sure these activities are approved by the proper people. Access governance takes on privilege creep (when individuals change responsibilities, but don't shed accesses that are no longer appropriate), stale accounts (accounts that remain after their owners leave the organization), orphan accounts (accounts that don't seem to "belong" to anyone), and shared accounts with no one individual that can claim responsibility for their use.
Access governance means IT leaders can conduct security audits and can review the entire system while also addressing access points so that they might address any problems related to such issues that might come from such a review.
As access governance use expands, gradually envelops and supplants identity management. Access governance, as outlined here, means organization’s IT leaders can peer easily into the entire goings of their operation, which is unprecedented power to protect unlike any other time before. Access governance is currently the prince in waiting, but in the near term it’s likely to assume it positon as the head of the kingdom and its reign will likely be long lived.
Dean Wiech is managing director of Tools4ever, a global provider of identity and access governance solutions including password management, role-based access control and single sign-on. He is responsible for Tools4ever’s US operations, and has written dozens of articles about identity and access management, security, IT audits, strategy, cloud, BYOD, the cloud and managing IT solutions for small businesses to enterprise systems.