Access certification reviews may only be an occasional event, but for business owners who find themselves sifting through mountains of data to figure out which users have access to what, who has access they shouldn’t, and whether privileged users have too many privileges, that’s more than often enough. “If I wanted to do this, I would have become an auditor,” they’re thinking, as the tough, time-consuming task forces them to leave critical core responsibilities behind until it’s done.
If you’re lucky, you’re working with business owners who may not like access reviews, but understand their importance—and are willing to work diligently to confirm that the users they manage have access to all the resources they should and none of the ones they shouldn’t. But because it’s such an inherently burdensome chore, there’s always the risk that some will find it difficult to devote the scrupulous attention that’s needed to get it done right. Even if they’re not intentionally cutting corners, they could easily overlook a detail or two that might ultimately create problems ranging from serious data breaches to fines for noncompliance.
The good news is there are ways to make reviews easier—but historically, few identity governance systems have offered the relevant capabilities. So what are the specific problems, and how could they be solved? Let’s look at two of the overall challenges with access reviews and how to address them.
Challenge: Where to start? Access review data typically hits the business owner’s desktop without any context as to where...
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Tim Norris. Read the original post at: http://www.rsa.com/en-us/blog/2018-03/oh-hello-access-certification-reviews-back-again-so-soon.html