What is access governance?

A brief deep dive:

Access governance is the evolution, the next great step if you will, in the iden
tity and access management world. Access governance is a more robust, holistic a
pproach to managing user access, network shares, permissions, and allows organiz
ations to peer easily into the entire goings on of an organization. Access gover
nance is like king of the hill, where the view is long and clear and there s littl
e that can knock it down.
Computer Weekly describes access governance as governing who has access to what w
ithin an organization. That s a bit of a thin description once you get into the det
ails, but it s a good start. The magazine describes access governance as a strateg
y that is much stronger than access management since governance implies that the cont
ol of access is driven by policy as well as procedure. Fair enough.
First, some background. Those of us in the identity and access management and no
w the access governance game, know that there s been a great deal of advancement a
nd evolution in this sector in recent years.
While the solutions have done a great deal to enhance security, automate operati
ons and manage compliance and audits, among other tasks, the solutions have allo
wed IT leaders to tick off boxes on their checklist of needs that need to be man
aged, but they are quite singular in their approach. In a sense, the visibility
provided into the entirety of the organization simply is not there across all sy
stems. We, our clients and users of IAM solutions are discovering that they need
more visibility into who can access their key resources and how.
Access governance simply (or not so simply) provides a broader level of oversigh
t and accountability than is typically afforded to system administrators. Accoun
ts configured, or created, access rights assigned or solutions used by users, ca
n all be tracked, organized and managed. Via Active Directory, for example, acce
ss governance means managers can view all accounts from a single vantage point.
What this means is that IT managers can pull together and organization s informati
on, such as who has accounts on what systems, when those accounts were last used
, what the accounts enable the account holders to do, and who has responsibility
for approving the access provided, all while making it accessible and viewable
from one place.
From there, users can spot vulnerable accounts and cases of excessive access and d
etermine what to do to resolve any potential issues found. You also have a basis
from which to perform periodic effective account reviews one of the underpinnin
gs of good security and to make ongoing decisions about who should retain, lose,
or be granted access.
Access governance technology allows for tracking accounts on all kinds of system
s access to applications, databases, shared file systems, data centers, access c
ontrol, backups, privileged passwords, network devices, and printers. The larger
and more complex an organization is, the more difficult it is to control everyt
hing in the organization, thus, the goal of access governance is to provide you
that view and that control in a way that is easier to manage.
Access governance systems also show you a point of view from every system, an ov
erview image that can be taken to the granular level if required. In so doing, y
ou can review accounts on particular systems or applications and you can examine
individual employees and review their access to various resources. You can sche
dule access reviews and then track when they are complete. In some cases, you ca
n automate account closures and access requests, making sure these activities ar
e approved by the proper people.
Access governance addresses privilege creep (when individuals change responsibilit
ies, but don t shed accesses that are no longer appropriate), stale accounts (acco
unts that remain after their owners leave the organization), orphans (accounts t
hat don t seem to belong to anyone), and shared accounts with no one individual answ
erable for their use.
Access governance also allows IT leaders the ability to perform security audits
so they can review the entire system, see access points and address any problems
that arise.
As access governance use grows and evolves in the identity and access management
world, it gradually envelops and supplants identity management. Access governan
ce is a more robust than former identity management solutions, and, as outlined
here, allows organizations to peer easily into the entire goings on of an organi
zation. Access governance is the king of this hill, but the long view of things
seems to suggest its reign will be long lived.