In the current environment the push for operational continuity has resulted in an unspoken agreement between the business and IT that compliance can wait until later.
Increasingly I see compliance being used as a commercial differentiator, with purchasing departments asking for a company’s current compliance status…
In many organisations the term ‘identity’ no longer applies to just employees and contractors. Valid identities now also include partners, vendors, customers and IoT.
I recently read that 86% of users have too much access. It is a staggering number because most organisations have already adopted a mature access governance framework.
Role-Based Access Control (RBAC) is an accepted practice to control the risks of inappropriate access in an enterprise environment. No surprise that in IT circles everyone you talk to has had experience on an RBAC project.
In every organisation there are people who’ve accumulated access to so many systems that they can help you with almost anything. Order provisioning, credits, write-offs, approvals, you name it. We’ve all heard it before: ‘If you ask Jason, he can help you with that’.
Business and IT leaders understand that Regulatory Compliance is a non-negotiable. Yet how many times have you seen people in a mad rush preparing for a user access review?
User access reviews go by many names. Some organisations call them access recertifications, account attestations or entitlement reviews; others call them periodic access reviews or access certifications.
In modern organizations, Compliance is a non-negotiable, and not surprisingly it’s often driven by historical procedures and entrenched processes.
User access reviews are an important part of every Compliance Program. Yet even today, delivering accurate, easy-to-review user access information is incredibly difficult.