Access certification
Regulation requires organisations to ensure that appropriate controls govern access to financial systems, customer management systems, payments systems and any customer-sensitive information. To implement an access certification solution correctly, the organisation must understand:
- Who has access to which systems, resources, applications and data?
- Who approved this access?
- How was the access granted?
- When was access last reviewed?
- What mitigating controls are in place for high-risk access?
Access certification is a core component of an IAM solution and is designed to efficiently fulfil audit and governance requirements. Performing a regular manual review or certification of all user access can meet audit requirements but is expensive and time-consuming.
Automating an access certification process allows identities to be correlated across the enterprise, providing a holistic view of user access and entitlements to specified applications. With this overview, certification events can be triggered to allow the appropriate person within the organisation, such as a line manager, to approve or revoke employee access. Automation is a much more cost-effective process than manual certification.