Technology Report: Access Governance Architectures - 70219
Report Details
Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking to facilitate illegal actions, to name just a few. The large number of prominent incidents within the last few years proves the need to address these issues – in any industry. There are an increasing number of tools for Access Governance. On one hand, a number of start-ups have entered the market with specific solutions to Access Governance. On the other hand, existing provisioning products have been enhanced or complemented by specific Access Governance functionality by their vendors.
However, the implementation has to be well thought out, given that there are many different architectural approaches for Access Governance. It is no surprise that the vendors of Access Governance tools tend to position those tools as the core element of at least the IT GRC (Governance, Risk Management, Compliance) infrastructure. From the KuppingerCole perspective, the role shouldn’t be overhyped. Access governance is important with respect to the high relevance of access risks. However, Access Governance might be accomplished using provisioning tools. And, beyond that, Access Governance is just one element within a larger GRC architecture. So Access Governance is important, but it is not only about Access Governance. Much of the success of Access Governance is based on the fact that it provides a much better user experience than classical provisioning and not so much about the added features. This aligns with the KuppingerCole IT Model, which emphasizes a Business Service Layer as interface to the business users, providing exactly the services they need.
Thus, successful implementations require a holistic view of GRC to ensure that all types of IT controls are covered and are well aligned to the business controls. It requires as well a well thought out architecture with respect to existing or planned identity provisioning tools, which can’t be substituted for access governance tools. However, that’s where the biggest value of doing Access Governance comes from. Access Governance is perfectly suited to leverage existing IAM (Identity and Access Management) infrastructures to the next level. The report discusses the different architectural options, their strengths and their weaknesses.
| Date | Title | Price | |
|---|---|---|---|
| Mar 27, 2012 |
Technology Report: Access Governance Architectures - 70219Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking to… |
€495.00
excl. VAT
|
Get Access
|
INVOICE
|
|||
Latest Related Reports
Discover KuppingerCole
KuppingerCole Select
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Blog
Future-Proofing Your Cybersecurity Strategy
It’s May 25 today, and the world hasn’t ended. Looking back at the last several weeks before the GDPR deadline, I have an oddly familiar feeling. It seems that many companies have treated it as another “Year 2000 disaster” - a largely imaginary but highly publicized issue [...]
Latest Insights
Hot Topics
Spotlight
Learn more
Compliance, Risk & Security
Whether public, private or hybrid clouds, whether SaaS, IaaS or PaaS: All these cloud computing approaches are differing in particular with respect to the question, whether the processing sites/parties can be determined or not, and whether the user has influence on the geographical, qualitative and infrastructural conditions of the services provided. Therefore, it is difficult to meet all compliance requirements, particularly within the fields of data protection and data security. The decisive factors are transparency, controllability and influenceability of the service provider and his [...]