Access control is a key part of cyber security, however traditional approaches do not work well for modern business IT environments that nowadays typically include a mix of applications on-prem and across multiple cloud environments.
Most modern companies tend to struggle with access management for a variety of reasons. These include the fact that it is difficult to make the necessary connections to the many disparate IT systems for which they need to provision access, role-based access management is challenging, static role-based entitlements are difficult to manage and typically require regular recertification processes, and traditional approaches are focused on granting access to resources required by an individual to perform their job function, but do not cover how those rights are actually used to stop any abuse of entitlements.
In addition, course-grained authorization is no longer sufficient because modern applications and sensitive data assets in cloud-native, containerized and DevOps environments require fine grained authorization capabilities that can also supply identity attributes and context variables.
A policy-based approach can address many of the pain points experienced by organizations today by enabling a centralized, consistent, dynamic, on-demand (just-in-time) way of managing access to IT resources. In this panel session we will discuss nothing less than the future of Access Management.
One of the fundamental problems of identity and access governance lies in very unclear relationships between real business needs, access policies and decision making about allowing certain action on the assets. For years we are trying to develop access policies which at the same time corresponds to business expectations, digital security rules and regulations, and people-centric to minimize deviations.
In this session, we will discuss human factor in IGA program and how to provide human factor analytics in access governance using new three-dimensional model called NPR (need, policy and resolution). We will show how NPR reports will help the organization to determine necessary adjustments of the policies and their implementation in Identity Governance workflows and processes to improve maturity, decrease risk of breaches, policy deviations by users and cost of managing and enforcing policies also known as Costidity. We will also show the sample reports based on data from higher education customer.