
Entitlement & Access Governance – the next generation of core IAM

Feb 20, 2014 by Martin Kuppinger

In my new report “Entitlement & Access Governance”, published yesterday, I introduce a new term and abbreviation: EAG for Entitlement & Access Governance. Thanks to Dave Kearns for proposing that term – I like it because it reflects what this is about.

EAG describes approaches that some vendors currently call “Data Governance,” but enhanced and extended. It is about combining fine-grained entitlement management at the system level with cross-system Identity Provisioning and Access Governance. We see an increasing number of vendors moving in that direction, closing the gap between Identity Provisioning and Access Governance on the one hand and the system-level, detailed management of entitlements on the other.

There has always been a predetermined breaking point between the Identity Provisioning layer (and the Access Governance layer on top of Provisioning) and the system-level entitlement management. While Identity Provisioning typically works on the level of, for instance, Active Directory global groups or SAP business roles, many systems (including Active Directory and SAP) have another system-specific hierarchical entitlement structure below that level. System administrators manage these. If a system administrator changes low-level entitlements - e.g., the ACLs of a local group that is part of a global group - the Identity Provisioning system will not recognize that, at least not in most common deployments today. It would also become too complex to manage everything top-down, so there is a reason for system-level solutions.
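As an added illustration (not taken from the report or from any vendor product), the following sketch models that breaking point with constructed, hypothetical group and resource names: a provisioning-level view that only knows global group membership, and a system-level expansion through local groups and ACLs. Comparing two snapshots shows an ACL change that grants new access while the provisioning view stays identical.

```python
import copy

def provisioning_view(snap, user):
    """What a provisioning system working at global-group level sees."""
    return {g for g, members in snap["global_groups"].items() if user in members}

def effective_access(snap, user):
    """Expand user -> global groups -> local groups -> ACL entries."""
    gg = provisioning_view(snap, user)
    lg = {l for l, nested in snap["local_groups"].items() if gg & nested}
    return {(res, right)
            for res, acl in snap["acls"].items()
            for group, right in acl
            if group in lg}

def drift(before, after, user):
    """Compare two snapshots for one user at both layers."""
    old, new = effective_access(before, user), effective_access(after, user)
    return {
        # True only if the change shows up at the global-group level
        "visible_to_provisioning":
            provisioning_view(before, user) != provisioning_view(after, user),
        "granted": new - old,
        "revoked": old - new,
    }

# Constructed sample data (hypothetical names, not from a real directory).
BEFORE = {
    "global_groups": {"GG-Finance": {"alice", "bob"}},
    "local_groups": {"LG-FileSrv-Finance": {"GG-Finance"}},
    "acls": {
        "fs01:/finance": {("LG-FileSrv-Finance", "read")},
        "fs01:/payroll": {("LG-Payroll-Admins", "modify")},
    },
}
# A system administrator adds the local group to the payroll share's ACL.
AFTER = copy.deepcopy(BEFORE)
AFTER["acls"]["fs01:/payroll"].add(("LG-FileSrv-Finance", "modify"))

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, drift(BEFORE, AFTER, user))
```

A governance layer that only reconciles global group membership reports no change here; the grant is only found by diffing the expanded, system-level entitlements.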

EAG balances these requirements by centralizing functions such as request and approval while leaving system-specific tasks local. I expect EAG to become the next big evolutionary step in core IAM, with some preliminary solutions already out there.


Author info

Martin Kuppinger
Founder and Principal Analyst