Access Governance Sets the Stage for Information Security and Compliance

Rights Management may not exactly be something new, but the rising demands from internal and external auditors are putting it back in center stage. Organizations are being forced to adopt systematic, open and replicable processes for creating, assigning, and monitoring rights within their systems, not only to ease the admins’ workloads, but also to achieve their compliance goals.

Companies have been doing Rights Management for ages now as part of their overall IAM strategies (Identity & Access Management), mainly with a strong emphasis on the technical issues. Lately, however, the focus has been shifting towards Access Governance instead of simply managing roles and recertifying the processes for distributing user information and certificates.

PxM is also gaining new momentum as organizations worry about the risk posed by giving individual users, accounts and identities carte blanche within their corporate systems. The record numbers of participants signing up for KuppingerCole's webinars on these subjects increasingly speak for themselves: XACML and the related topic of granular authorization management for applications and services is growing more important than ever.

As the list of subtopics and related fields indicates, there is no silver bullet that will solve all your Rights Management problems. Technically, it calls for a concerted effort in all four areas - identity management, rights management, PxM and application authorization management.

However, there is an additional area that is even more important: organization. The question to ask yourself is: What kind of processes do we need? Are those in place capable of fulfilling all our auditors' demands? How do we deal with segregation of duties issues, ensuring that people aren't in effect assigning themselves rights or receiving conflicting ones? And what about risk control? Which verification processes do we have in place? And above all: How do we make sure these policies are implemented correctly and fully within the organization, especially within individual business units?

Flawless Rights Management is no trivial issue. It requires a 360 degree overview of the company and how it needs to manage rights within its systems. Simply looking at the applications is not enough. You need to get the people on the business side interested and involved - always a tricky task. However, it can and must be done.

Consistent Rights Management not only determines whether a company can maintain compliance. It also sets the stage for true information security. And that, after all, is what IT is all about: technology for handling information in a mature and responsible fashion.

„It's about the I in IT, not the T"

Information security is becoming more and more important as companies strive to reduce or eliminate leakage. Plugging the holes is a prerequisite for efficient application development so that they can utilize security functions based on accepted industry standards. And as an added benefit, administrative processes in business and IT get to profit, too.

In order to reach that goal we need to make sure we know where we're heading. By looking at the big picture, we can define a roadmap that will help us, a step at a time, to create a truly secure and efficient organization.


Discover KuppingerCole

KuppingerCole PLUS

Get access to the whole body of KC PLUS research including Leadership Compass documents for only €800 a year

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Stay Connected

Blog

Spotlight

AI for the Future of Your Business Learn more

AI for the Future of Your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]

Latest Insights

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00