Commissioned by Kleverware
Identity and Access Management architectures have been complemented with concepts and architectures for Identity & Access Governance since more than a decade. Located in both the GRC (Governance, Risk Management, and Compliance) and traditional IAM (Identity and Access Management) markets, Identity & Access Governance covers the governance and management of the managed identities (e.g. avoiding orphaned accounts) and access controls in IT systems.
Having an appropriate recertification scheme is a sine qua non when it comes to fulfilling regulatory requirements. Evidence for having completed and documented the required recertification cycles is key when proving compliance to internal or external auditors. However, the challenge is about finding the balance between what you must do for audits and what the organization is capable in doing. That is where many common approaches fail.
Unfortunately, the common approach with focus on complex, time-consuming Access Recertification/Access Review is factually failing. Many businesses haven’t implemented such approach at all, and virtually all that have done so are groaning under the burden of these processes. There are various “flaws-by-design” in that concept, such as the lack of a risk focus or the lack of translating technical entitlements into business language.
These reasons (and several more) tend to render traditional recertification exercises tedious, time-consuming, ineffective and – in the worst cases – error-prone. Some of these issues also apply to other IAM tasks involving business or organizational expertise.
From our perspective, it is overdue to review the established approaches and consider different types of solutions. Identity & Access Governance shall foster business instead of just being a burden. It is about working to the business, beyond working to the auditors – be compliant, but in a way that helps not penaltizes the business.
Kleverware IAG (Identity and Access Governance) is a solution that is focused on rapidly solving the Access Governance challenges businesses are facing today. Kleverware IAG focuses on enabling customers to enforce the least privilege principle and SoD controls across a heterogenous IT landscape and thus fulfilling regulatory compliance requirements. The vendor lays emphasis on delivering a solution that is focused and rapid to deploy, which can exist stand-alone or in conjunction with other solutions the customer has in place.