Technology Report: Access Governance Architectures - 70219

Report Details

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking to facilitate illegal actions, to name just a few. The large number of prominent incidents within the last few years proves the need to address these issues – in any industry. There are an increasing number of tools for Access Governance. On one hand, a number of start-ups have entered the market with specific solutions to Access Governance. On the other hand, existing provisioning products have been enhanced or complemented by specific Access Governance functionality by their vendors.

However, the implementation has to be well thought out, given that there are many different architectural approaches for Access Governance. It is no surprise that the vendors of Access Governance tools tend to position those tools as the core element of at least the IT GRC (Governance, Risk Management, Compliance) infrastructure. From the KuppingerCole perspective, the role shouldn’t be overhyped. Access governance is important with respect to the high relevance of access risks. However, Access Governance might be accomplished using provisioning tools. And, beyond that, Access Governance is just one element within a larger GRC architecture. So Access Governance is important, but it is not only about Access Governance. Much of the success of Access Governance is based on the fact that it provides a much better user experience than classical provisioning and not so much about the added features. This aligns with the KuppingerCole IT Model, which emphasizes a Business Service Layer as interface to the business users, providing exactly the services they need.

Thus, successful implementations require a holistic view of GRC to ensure that all types of IT controls are covered and are well aligned to the business controls. It requires as well a well thought out architecture with respect to existing or planned identity provisioning tools, which can’t be substituted for access governance tools. However, that’s where the biggest value of doing Access Governance comes from. Access Governance is perfectly suited to leverage existing IAM (Identity and Access Management) infrastructures to the next level. The report discusses the different architectural options, their strengths and their weaknesses.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Mar 27, 2012

Technology Report: Access Governance Architectures - 70219

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking to…

€495.00
excl. VAT
Get Access
Mastercard Visa American Express PayPal INVOICE

Latest Related Reports

Whitepaper

Considerations for Reducing the Risk of Ransomware

In this paper, we will expand our view of ransomware and demonstrate how treating it as an isolated security challenge is not a sustainable approach. We will show why prevention is the best foundation for managing risk and consider some strategies to combat common ransomware tactics. A…

Executive View

ZertID from Sysintegra

Sysintegra ZertID is an IGA solution that is built on top of the ServiceNow platform. It integrates natively with ServiceNow features such as the CMDB and Security Incident handling. By utilizing capabilities such as the data management and workflows of ServiceNow, and with full user…

Whitepaper

IGA auf Basis von IDaaS: Jetzt ein besseres IAM, für jede Art von Unternehmen

In den letzten Jahren ist IDaaS (Identity as a Service) zunehmend zu einer neuen Normalität geworden. Es bietet einen standardisierten, schnell umsetzbaren Ansatz für IAM (Identity and Access Management). Dies ermöglicht es jeder Art von Organisation, insbesondere auch mittelständischen…

Whitepaper

IDaaS-based IGA: The Better IAM Now, for Every Type of Business

In the past years, IDaaS (Identity as a Service) has increasingly become the new normal. It provides a standardized, rapid-to-deploy approach on IAM (Identity and Access Management). It enables every type of organization, including medium-sized/mid-market businesses, to quickly move to a…

Executive View

Omada Identity Suite

Modern Identity Governance and Administration (IGA) solutions need to take traditional IGA further to meet today's customer requirements such as entitlement and onboarding automation or providing insight into access risks. Omada Identity Suite not only supports this with Access Governance…

Leadership Compass

Identity as a Service: Cloud-based Provisioning, Access Governance and Federation (IDaaS B2E)

Leaders in innovation, product features, and market reach for Identity as a Service offerings targeting full Identity and Access Management and Governance capabilities for employees in hybrid environments, but also delivering Single Sign-On to the Cloud and providing support for other groups…

Executive View

Gurucul Predictive Risk Analytics

Gurucul Predictive Risk Analytics provides an interesting approach that combines access governance, risk management and the detection of cyber threats. Unlike other solutions that focus on network traffic or technical vulnerabilities this solution focuses on identity, access and user…