Access Certification Roadmap for Small

and Medium Sized Business (SMB)

ID: info@securends.com
Call us: 678-374-4243 SecurEnds.com
 SecurEnds.com

Introduction: Access Certification is the process of certifying employee, contractor and

vendor access to applications and is often mandated by a number of industry regulations
such as SOX, NIST, FDA 21, GDPR, PCI-DSS etc. The user access certifications require
approvers who range from application owners to reporting managers to review and
approve/revoke access and privileges for each user/identity.

Access Certifications are effective in helping organizations navigate the ever evolving threat
landscape by removing orphaned accounts. Up until recently, SMB organizations could
either do access certifications manually or buy enterprise level products mentioned on
Gartner Magic Quadrant for Identity Governance and Administration (IGA).

Emerging technologies such as containers, AI/ML are driving innovations in Identity

Governance & Administration space. New vendors are emerging with lightweight cloud
ready products that can automate access certifications effectively without breaking the
bank. The focus on this article is to present a roadmap that SMB can use on their
automation journey.

ID: info@securends.com
Call us: 678-374-4243 Request A Demo
 SecurEnds.com

Conduct Proof of Concept (POC): Once companies have a clear understanding of future
state and goal, it is time for a Proof of Concept (POC). The ultimate objective of the POC is
to mitigate the risk of a purchase by ensuring that the product has all the features that are
needed for the future state.

As a best practice, non-functional considerations such as connectors should generally be

ignored. Focus should be on trying out the access certification workflow.

Plan Implementation: Implanting access certification/IGA software requires an incremental

approach. Cutting the scope into manageable stages increases the chances for success.
SecurEnds with its proprietary rapid deployment approach allows access certifications on
high risk applications and databases using CSV file upload while connectors are being build.

This is now a leading practice for accelerated value delivery. It is also important to ensure
that the vendor team engaged in the POC is actually the one that does the
implementation. IGA implementation fails when software vendor hands off customers to
third party implementers who don’t have sufficient product knowledge.

ID: info@securends.com
Call us: 678-374-4243 Request A Demo
 SecurEnds.com

Understand Current State: It is hard to develop a roadmap for access certifications without
understanding existing capability. People and Process play a big role in the current state.
Understand the current policies and procedures for certifying employees, contractors and
vendors. Review previous year’s audit findings to develop an understanding of risks.

Understand the on boarding and off boarding requirements for Joiner, Mover and Leavers.
Knowing workflow gaps at this stage is critical as well and will drive the RFP process.

Define Future State: This encompasses creating the user access certification process of the
future. If the company expects to grow by way of acquisitions, the future state IGA should
have a robust centralized access requests and approvals. Risk factors for data breaches as
well as compliance requirements for protecting data should be considered. One must also
understand security and compliance controls (e.g., segregation of duties, unauthorized
access permissions).

The team must validate the Future State with designated stakeholders. By going through a
check list of questions with the stakeholders picture of the future state will emerge that
accommodates the complexities of the computing environment across the enterprise.

ID: info@securends.com
Call us: 678-374-4243 Request A Demo
 SecurEnds.com

Reference Link:

https://www.securends.com/access-certification-roadmap-f
or-small-and-medium-sized-business

https://www.cisco.com/c/dam/en_us/partners/downloads/
partner/WWChannels/sales_marketing_resources/smb/doc
uments/overview_of_select_certification.pdf

ID: info@securends.com
Call us: 678-374-4243 Request A Demo
 SecurEnds.com

Thank you

ID: info@securends.com
Call us: 678-374-4243 Request A Demo