Redefining Access Governance: A broader perspective

1 Executive Summary

Reducing the risks associated with entities that have unnecessary access privileges has never been more important due to digital transformation, incre ...

2 Highlights

• Access Governance is an important component of IT security and regulatory compliance.
• Access Governance has never been more important, complex, an ...

3 Access Governance – An overview

Protecting an organization’s key digital assets from unauthorized access and providing evidence of that protection is an increasingly important disc ...

Typically, Access Governance is the combination of a set of essential building blocks supporting an enterprise in the processes of:

• Modelling and ...

4 Typical Access Governance deployment today

Access Governance has been implemented in many enterprises as an important building block of overall governance capabilities, but few organizations ha ...

4.1 User and access life cycle management

The management of corporate identities and their access to resources is the combination of both IAM
technology and the application of well-defined pr ...

4.2 Role management

Many organizations are developing and deploying roles without an overall role management process in place. As a result, role management is often focus ...

4.3 Access Request Management and Recertification

Manual controls based on attestation and recertification processes are important building blocks in corporate Access Governance systems. They form a m ...

4.4 Auditing and Automation

Several existing Access Governance systems have added auditing capabilities to inspect for compliance with internal controls, which include automated ...

4.5 Shortcomings of typical compliance-focused Access Governance Solutions

An appropriate entitlement recertification scheme is essential for meeting regulatory requirements. Evidence for having completed and documented the r ...

5 Redefining Access Governance

Beyond a strictly compliance-oriented regime, Access Governance needs to be redefined and redesigned to meet the changing requirements for Identity an ...

5.1 Improving existing Access Governance and recertification processes

With the first steps already made in many organizations, the following questions require appropriate answers to transform current Access Governance ap ...

5.1.1 Improving existing Access Governance and recertification processes

A growing number of applications within an organization implementing all kinds of business processes means that the number of roles and entitlements i ...

Applying a common set of criteria with an overall metric for the level of risk to all entitlements across your business is key for understanding an or ...

5.1.2 Time-limited assignment of high-risk access

Which brings us back to reducing and distributing the recertification workload: Once a risk-based approach as described above is in place, it has to b ...

5.1.3 Re-request instead of re-approval

Requesting an entitlement usually means asking for a privilege for an unlimited amount of time or at least until the next recertification deadline. Af ...

5.1.4 Event-triggered processes complementing scheduled reports

One of the key requirements for modern organizations is agility: the quick response to changes in business, the underlying organization, processes, se ...

5.2 Access Intelligence and Automation

It is obvious that these new types of checks cannot be executed manually. For many types of events this requires access to near real-time data or actu ...

5.2.1 Complementing Access Governance with Access Analytics and Access Intelligence

A variety of vendors provide appropriate tools to implement Access Intelligence functionality. The actual product design can vary. Several vendors hav ...

5.2.2 Continual analysis and new types of controls

Implementing Access Governance, Analytics, and Intelligence systems allows a new category of controls, based on the automated application of rules and ...

5.2.3 Quick win findings

Issues and risks that are otherwise difficult to identify are typical quick win findings when introducing Access Intelligence, which highlights:

• A ...

5.2.4 Management and audit transparency through reports and dashboards

With Access Governance information being available on a daily or even up-to-the minute basis, a completely new quality of evaluations and reports is m ...

6 Considerations for future Access Governance

Since the introduction of most existing governance solutions, the Identity and Access Management environment has changed fundamentally. New roles, e.g ...

6.1 Dynamic Authorization Management

Dynamic Authorization Management (DAM) is aimed at simplifying access management by externalizing policy-based authentication and authorization decisi ...

6.2 Data Governance

Data Governance, formerly often referred to as “Entitlement and Access Governance (EAG)”, describes solutions that add support for fine-grained en ...

6.3 Privilege Management

Managing and monitoring elevated access rights is the domain of Privilege Management Systems. Internal users abusing their entitlements deliberately o ...

6.4 Integration into corporate GRC environments

With the scope and potential functionality of Access Governance and Access Intelligence architectures being substantially extended, the integration wi ...

6.5 IDaaS and federation

Adapting to changing Identity and Access Management requirements in many cases requires IAM to be available outside of the organization’s perimeters ...

6.6 Identity Fabric

In the light of the proliferation of identities and identity types that modern enterprises need to deal with, KuppingerCole Analysts recommends that o ...

In this context, we use the term “fabric” to describe a set of connected IT components that work together as single entity. An Identity Fabric, th ...

Identify Fabrics are focused on delivering the APIs and tools required by the developers of the digital services to support advanced approaches to IAM ...

7 Recommendations

Compliance with regulatory requirements remains a key goal of Access Governance, but there is also much potential for improving overall security, comp ...

8 Related Research

Leadership Compass: Infrastructure as a Service - 70959
Leadership Compass: Privileged Access Management - 79014
Leadership Compass: Cloud-based MFA Solutions - 70967
Leadership Compass: Cloud Access Security Brokers - 70614
Leadership Compass: Access Governance & Intelligence - 71145
Advisory Note: Access Governance Architecture - 71039
Advisory Note: Maturity Level Matrixes for Identity and Access - 70738.
Buyer’s Guide: Endpoint Protection - 80110
Buyer’s Guide: Hybrid Cloud Services - 72562
Webcast: The Perils of Today’s Approach on Access Governance