Access Verification - A Step in Managing Risk
Companies' that work to mitigate risk in their business face numerous identity and access management challenges spanning Access Governance, Access Provisioning, and Access Compliance, but with each organization each of these areas will be prioritized differently. As you build your strategy it's important not to attack each challenge as if it were stand-alone and unaffected by other business imperatives. In other words, it's critical that your solutions allow you to "start anywhere" based on your unique business drivers and requirements, but also allow you to "go anywhere" in order to gain greater value by addressing the broader goals of your organization.
Take for example a company unable to demonstrate that their employees have only the minimum required access to company resources to do their jobs. On the surface this seems to be a straight forward access verification challenge of identifying who has access to what resources, and then asking the managers in the organization to vet the access, right? In actuality, this is just part of the process needed to appropriately assure that ONLY the right people have the right access to the right resources and are doing the right things with it.
When delivering an access verification solution you need to ask yourself, "How will we manage all the exceptions that it will clearly uncover?" And, "How will we manage it over time and in an automated fashion to accommodate the changes constantly taking place in our business?" The ultimate goal should be to enable the verification AND remediation of access regardless of your environment. Sure, you need to be able to send email alerts and link to help desk systems, but you also should have the ability to automatically change, disable, or delete access directly for any resource, with or without an existing automated provisioning solution. This approach will make your business more agile and effective (easier compliance adherence, increased efficiency and effectiveness) and at the same time reduce risk for the organization.
A "start anywhere, go anywhere" approach is a cornerstone of Access Assurance and is especially critical to success in today's environment where all businesses need to show incremental value on the way to their ultimate goals. Delivering successful programs that are cost effective, easy to manage, and deliver business results quickly, are great ways to increase security, compliance and business value, as long as they are an integrated part of your access assurance strategy. Not to mention, having multiple "wins" under your belt is always nice to have when requesting your next round of resources.