Technology Report: Access Governance Architectures - 70219

Report Details

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking to facilitate illegal actions, to name just a few. The large number of prominent incidents within the last few years proves the need to address these issues – in any industry. There are an increasing number of tools for Access Governance. On one hand, a number of start-ups have entered the market with specific solutions to Access Governance. On the other hand, existing provisioning products have been enhanced or complemented by specific Access Governance functionality by their vendors.

However, the implementation has to be well thought out, given that there are many different architectural approaches for Access Governance. It is no surprise that the vendors of Access Governance tools tend to position those tools as the core element of at least the IT GRC (Governance, Risk Management, Compliance) infrastructure. From the KuppingerCole perspective, the role shouldn’t be overhyped. Access governance is important with respect to the high relevance of access risks. However, Access Governance might be accomplished using provisioning tools. And, beyond that, Access Governance is just one element within a larger GRC architecture. So Access Governance is important, but it is not only about Access Governance. Much of the success of Access Governance is based on the fact that it provides a much better user experience than classical provisioning and not so much about the added features. This aligns with the KuppingerCole IT Model, which emphasizes a Business Service Layer as interface to the business users, providing exactly the services they need.

Thus, successful implementations require a holistic view of GRC to ensure that all types of IT controls are covered and are well aligned to the business controls. It requires as well a well thought out architecture with respect to existing or planned identity provisioning tools, which can’t be substituted for access governance tools. However, that’s where the biggest value of doing Access Governance comes from. Access Governance is perfectly suited to leverage existing IAM (Identity and Access Management) infrastructures to the next level. The report discusses the different architectural options, their strengths and their weaknesses.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Mar 27, 2012

Technology Report: Access Governance Architectures - 70219

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking to…

€495.00
excl. VAT
Get Access
Mastercard Visa American Express PayPal INVOICE

Latest Related Reports

Advisory Note

Advisory Note: Redefining Access Governance - Beyond annual recertification - 72579

Improve your level of compliance, gain up-to-date insight and reduce recertification workload. Add business risk scoring to your Access Governance Architecture, focus attention on high-risk access and extend your existing infrastructure to provide real-time access risk information. Re-think…

Executive View

Executive View: RSA Identity Governance and Lifecycle - 72503

RSA Identity Governance and Lifecycle is a complete solution for managing digital identities, both inside and outside the enterprise. The RSA solution covers all aspects of governance from attestations to policy exceptions and identity lifecycle, from provisioning to entitlement assignment…

Executive View

Executive View: Protected Networks 8MAN - 71520

8MAN ist eine Access Rights Managment-Lösung für Windows-Umgebungen. Der Fokus liegt auf der Analyse von Berechtigungen und ihrer Verwaltung in solchen Umgebungen. Damit fällt 8MAN in die Kategorie von Entitlement & Access Governance-Lösungen und kann bestehende…

Executive View

Executive View: EmpowerID Office 365 Manager - 71322

EmpowerID Office 365 Manager is an Identity and Access Management solution for Office 365 providing single sign-on, user provisioning and administration, and access governance functions in a single integrated package.

Executive View

Executive View: Atos DirX Identity V8.5 - 70896

Atos DirX Identity encompasses a rich feature set for all areas of Identity Management and Governance. Its comprehensive business and process-driven approach includes very strong modelling capabilities of the organisational structure and user relationships thus providing the foundation for…

Advisory Note

Advisory Note: Turning inattention into intention - 71501

How IoT will help drive the development of Life Management Platforms and affect your company’s future relationship with its customers.

Advisory Note

Best Practice: European Identity Award 2015: NORD/LB - 71401

EIC Award 2015 for Best Access Governance / Access Intelligence Project: Implementation of a large-scale, state-of-the-art Access Management and Access Governance project improving the bank’s compliance and efficiency while transitioning to “IAM as a Service” as a modern…

Leadership Brief

Leadership Brief: Alternatives to complex role projects and resource-consuming recertification - 72009

Enterprise Role Management and Access Governance are at the core of today's IAM systems to achieve efficient administration processes and compliance with regulatory requirements. Costly processes for the design and maintenance of large role-based projects and for extensive annual…

Advisory Note

Advisory Note: Redefining Access Governance - 71185

Improve your level of compliance, gain up-to-date insight and reduce recertification workload. Add business risk scoring to your Access Governance Architecture, focus attention on high-risk access and extend your existing infrastructure to provide real-time access risk information. Re-think…

Executive View

Executive View: Courion Access Governance/Risk Products - 71046

The GRC triumvirate (Governance, Risk and Compliance) have long been mainstays of Identity Management (IdM). In fact, IdM has mutated into Identity and Access Management (IAM) as well as Identity and Access Governance (IAG).  Access Governance remains one of the fastest growing market…