Take control over access rights

The ability to know and to prove that you are in control of who has access to what in your organization feels like a fundamental function. And with user provisioning, we have taken a good step in the automation of identity and access provisioning. 
 

But from a security and review standpoint, automation leaves gaps. People change roles, get temporary assignments, and utilize applications that are not part of the user provisioning. The list of scenarios where there is a need to strengthen the capability beyond automation is long. It's time to have a look at Identity and Access Governance.

 

Empower the company 

There are two strong pillars around governance. One is the ability to ensure and to prove that you are in control of who has access to what. The second is to empower your organization with delegated administration and self-service functions around access request and approval. The purpose is to ensure that requests for new systems and functions are handled with both speed and control. As we mentioned in previous posts, a key system, like an HR system, doesn't reflect all the changes and needs that occur in the daily life of an organization. One example could be a new cross-function project that is started at a company. These activities are seldom registered in the HR system, so we need to be able to empower the organization.

  

Control the access 

The control part of governance is about staying compliant and being able to prove it. Many organizations have implemented periodic access reviews where managers and system owners are asked to validate the current situation. Often this is done in Excel sheets and with vague decision support from the tools. To avoid risking productivity, it's common to continue approving access even if the user no longer uses the tool. Decisions like these lead to "access creep." Then, when a user moves from role to role, there is a risk that they keep access to tools and access rights which they no longer need. Here we start to breach a fundamental security tenet, the principle of least privilege. Users should only have access to the tools they need for their current role.

 

The use of roles 

A good governance tool can connect to several diverse types of systems. A good start is, of course, the internal identity platform. But we also need to connect to the growing set of applications and infrastructure that exists on-premises and in public and private cloud services. By collecting as much data as possible, the tool can start working with role mining. Role mining is a function that helps the company find structures and permissions that are common and then connect them to roles that the business can relate to. In this way, the allocation of access and the response to requests rest on a good decision basis instead of gut feeling and personal preferences.
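A minimal sketch of role mining feeding an access review, added here as an illustration (it is not Enfo's code or any governance product's algorithm). It assumes the department is the grouping the business relates to, a 60% commonality threshold, and the constructed sample data shown; the function names are hypothetical.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, current department, entitlements held).
ASSIGNMENTS = [
    ("anna",  "finance", {"erp:read", "erp:post", "mail"}),
    ("bjorn", "finance", {"erp:read", "erp:post", "mail"}),
    ("carl",  "finance", {"erp:read", "mail", "crm:edit"}),     # moved from sales
    ("dana",  "sales",   {"crm:read", "crm:edit", "mail"}),
    ("erik",  "sales",   {"crm:read", "crm:edit", "mail"}),
    ("frida", "sales",   {"crm:read", "mail", "proj-x:wiki"}),  # project access
]

def mine_roles(assignments, threshold=0.6):
    """Candidate role per department: entitlements held by at least
    `threshold` of that department's members (assumed grouping)."""
    members = defaultdict(list)
    for _user, dept, ents in assignments:
        members[dept].append(ents)
    roles = {}
    for dept, ent_sets in members.items():
        counts = Counter(e for ents in ent_sets for e in ents)
        roles[dept] = {e for e, n in counts.items()
                       if n / len(ent_sets) >= threshold}
    return roles

def review_candidates(assignments, roles):
    """Entitlements a user holds beyond the mined role for their current
    department: the items a reviewer should be asked to justify."""
    flagged = {}
    for user, dept, ents in assignments:
        extra = ents - roles[dept]
        if extra:
            flagged[user] = sorted(extra)
    return flagged

if __name__ == "__main__":
    roles = mine_roles(ASSIGNMENTS)
    for dept, ents in sorted(roles.items()):
        print(f"candidate role '{dept}': {sorted(ents)}")
    for user, extra in review_candidates(ASSIGNMENTS, roles).items():
        print(f"review {user}: {extra}")
```

The flagged items are review prompts, not automatic revocations: project access such as frida's may be legitimate and simply not visible in the HR-derived grouping.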

The ability to provide businesses with a tool where they can effectively manage access requests is powerful. By shortening lead times and making decisions where they are best made, you create the best conditions for an efficient everyday life. The digital business places high demands on agility and the ability to execute. With a digital identity in place and with a tool for governance, we want to say that you have the best possible conditions to succeed with that goal.

If you want to learn more about this topic, go to our service page
 

Patrik Duckert
VP Identity Access Management at Enfo
patrik.duckert@enfogroup.com