Provisioning is important to keep access under control, as well as Access Governance solutions play a vital role in that game. However, there is a third group of applications which is commonly required: Tools which allow to dive into the details of access controls in specific environments. There are SAP specific solutions and tools for mainframe environments, XACML for standardized entitlement management for custom applications might be counted as well - and there are tools for the world of less structured information, like file servers, Microsoft SharePoint, and others.

These tools are important to enable a detailed analysis of access rights at the level of files, folders, and shares - when looking at file servers. Provisioning helps us to ensure that a user has an Active Directory account and is member of some specific groups. But what are these groups allowed to do - in detail? Some Access Governance solutions might provide some details, but typically not as specific as the expert tools in that area can do. And there are many tools out there. These days I spoke with Protected Networks, but Econet, Tesis, and ASB - to mention just some German vendors - can deliver on this as well, with somewhat different approaches and capabilities. And these are just some examples.

From my perspective, we need a layered approach - Enterprise GRC, Access Governance, Provisioning, and the specific tools for different important application environments. And we need to integrate these tools. That will enable organizations to fulfill the governance needs and compliance regulations at all levels - with an integrated approach and avoiding investing in point solutions.

By the way: If you as a vendor feel that you fall in that category (for AD and file servers, for SharePoint, for SAP), just keep us informed. We might have you on our watchlist but given that this is a market with many smaller vendors in, we might have missed you until now...