Whitepaper

A Lean Approach on Identity & Access Governance

Identity & Access Governance is a must for every business. Unfortunately, the way it is commonly done today is inefficient and cumbersome. It is high time to review the approaches to Identity & Access Governance and implement lean concepts that help businesses comply in an efficient manner, while also effectively mitigating business risks that derive from excessive entitlements. Kleverware IAG is a solution that focuses on such a lean approach.

Martin Kuppinger

mk@kuppingercole.com

Commissioned by Kleverware

1 Introduction

Identity and Access Management architectures have been complemented with concepts and architectures for Identity & Access Governance for more than a decade. Located in both the GRC (Governance, Risk Management, and Compliance) and traditional IAM (Identity and Access Management) markets, Identity & Access Governance covers the governance and management of the managed identities (e.g. avoiding orphaned accounts) and access controls in IT systems.

Having an appropriate recertification scheme is a sine qua non when it comes to fulfilling regulatory requirements. Evidence of having completed and documented the required recertification cycles is key when proving compliance to internal or external auditors. However, the challenge is finding the balance between what you must do for audits and what the organization is capable of doing. That is where many common approaches fail.

Unfortunately, the common approach, with its focus on complex, time-consuming Access Recertification/Access Review, is in fact failing. Many businesses haven’t implemented such an approach at all, and virtually all that have done so are groaning under the burden of these processes. There are various “flaws-by-design” in that concept, such as the lack of a risk focus or the failure to translate technical entitlements into business language.

These reasons (and several more) tend to render traditional recertification exercises tedious, time-consuming, ineffective and – in the worst cases – error-prone. Some of these issues also apply to other IAM tasks involving business or organizational expertise.

From our perspective, it is overdue to review the established approaches and consider different types of solutions. Identity & Access Governance should foster business instead of just being a burden. It is about working for the business, beyond working for the auditors – be compliant, but in a way that helps rather than penalizes the business.

Kleverware IAG (Identity and Access Governance) is a solution that is focused on rapidly solving the Access Governance challenges businesses are facing today. Kleverware IAG focuses on enabling customers to enforce the least privilege principle and SoD controls across a heterogeneous IT landscape, thus fulfilling regulatory compliance requirements. The vendor emphasizes delivering a solution that is focused and rapid to deploy, and that can exist stand-alone or in conjunction with other solutions the customer has in place.
