Identifying stakeholders in access governance
Information security to us is about managing who can have access to what and why that is. IAM, Identity and Access Management, is often seen as the single profession to manage this who, what and why.
Our Perspective on Identity & Access Management
We believe otherwise. Managing identities and managing access cover lots of ground in different domains.
Identity Management
Identity management is all about automating joiner, mover, and leaver processes in an identity lifecycle. It is about workforce management, customers and consumers, things, every single object or service that may need to get access to whatever needs to be secured.
Access Management
Access management is different. Access management is all about handing out the keys to the castle. But who is allowed to hand out the keys, and to what part of the castle? And why would anyone hand out the keys?
Importance of the ‘Why’
The ‘Why’ part in essence, is overlooked. Managing identities by implementing an Identity Governance and Administration solution can help manage the Who. And such a solution can also manage authorizations in roles, taking care of the What.
A challenge for Access Governance
Why does someone get a role or an authorization? “Why does a role contain an authorization”, is a question that cannot easily be answered, leave alone that there is a person who can answer the question. This is the access governance issue that needs to be managed.
Identifying Accountability
In our whitepaper Identifying the Stakeholders in Access Governance we do not present the answers to the questions, but we present a method to identify the persons who should be held accountable for answering the questions.
Enjoy the read and if you like to comment, feel free to do so!