Governance in IAM

We saw the importance of Identity and Access Management in the present times in a previous blog. Now, going a step further, how does one verify that the IDs are functioning in the proper manner and that no user has access beyond what they need? With the Covid pandemic triggering a new set of challenges and organizations choosing to allow employees to work from the safety of their homes, beefing up organizational security has taken more precedence than ever before.

With most organizations operating globally across geographies, involving a plethora of distributed technologies, applications residing in the cloud, and private and public networks, compliance and data security measures become even more important. Any breach can have far-reaching ramifications from financial, brand and even legal perspectives.

Once an identity is established for an individual, it is modified on an ongoing basis depending on the roles the person undertakes in the organization. Periodic audits are mandatory to ensure that the IDs are functioning in the proper manner. This is where Governance comes into the picture.

Identity and Access Governance products are typically deployed on top of IAM systems to enable organizations to define, enforce, review and audit IAM policies, map IAM functions to compliance requirements, and audit user access to support compliance reporting.

Governance solutions are designed to link people, applications, data and devices so that organizations can determine who has access to what, what kind of risk that represents, and take action in situations where policy violations are identified. They provide organizations with better visibility into identities and access privileges, and better controls to detect and prevent inappropriate access.

In addition to providing the guidelines, Governance solutions also impose the monitoring mechanisms required to evaluate the access and usage rights of individual users on an ongoing basis and flag anomalies.


Segregation/Separation of Duties (SoD) –

Rules that prevent risky sets of access from being granted to a person. For example, a user should not be granted both the Purchase Order role and the Approval role for those same purchase orders.

Access Review (Recertification) –

Streamlines the review and verification of users' access to different apps and resources. The reviewer(s) may choose to revoke any access if the user no longer needs it.

Analytics and Reporting Tools –

Log activities, generate reports and provide analytics to identify issues and optimize roles if required using Role Mining.
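The SoD rule and the access review described above can be expressed as simple checks over entitlement data. The following is an added example, not code from any of the products named on this page; the role names, users, dates and the 365-day review interval are constructed assumptions.

```python
from datetime import date

# Constructed SoD policy: role pairs that no single user may hold together.
# Role names are hypothetical, modelled on the purchase-order example.
SOD_RULES = [("PO_CREATE", "PO_APPROVE")]

# Constructed entitlement records: user -> {role: date the grant was last certified}
ENTITLEMENTS = {
    "alice": {"PO_CREATE": date(2024, 1, 10), "PO_APPROVE": date(2024, 1, 10)},
    "bob": {"PO_CREATE": date(2023, 2, 1)},
    "carol": {"PO_APPROVE": date(2024, 3, 5), "VENDOR_MAINT": date(2022, 11, 20)},
}

def sod_violations(entitlements, rules):
    """Detective control: (user, role_a, role_b) for every conflicting pair held."""
    found = []
    for user, roles in sorted(entitlements.items()):
        for a, b in rules:
            if a in roles and b in roles:
                found.append((user, a, b))
    return found

def grant_allowed(entitlements, rules, user, new_role):
    """Preventive control: refuse a grant that would complete a conflicting pair."""
    held = set(entitlements.get(user, {})) | {new_role}
    return not any(a in held and b in held for a, b in rules)

def due_for_recertification(entitlements, today, max_age_days=365):
    """Access review queue: grants not certified within max_age_days (assumed interval)."""
    return [(user, role)
            for user, roles in sorted(entitlements.items())
            for role, certified in sorted(roles.items())
            if (today - certified).days > max_age_days]

if __name__ == "__main__":
    today = date(2024, 6, 1)  # constructed review date
    print("SoD violations:", sod_violations(ENTITLEMENTS, SOD_RULES))
    print("Grant PO_APPROVE to bob allowed:",
          grant_allowed(ENTITLEMENTS, SOD_RULES, "bob", "PO_APPROVE"))
    print("Due for review:", due_for_recertification(ENTITLEMENTS, today))
```

The first function finds conflicts that already exist, while the second blocks a new conflict at request time; governance tooling generally needs both, because access also accumulates through role changes that bypass the request workflow.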

IBM’s Identity Governance and Intelligence (IGI), RSA, SailPoint and Saviynt are a few of the leading Governance tools in the market.

Stay tuned for more. Please do leave comments/suggestions if any.
