A great article by Mike Vizard of IT Business Edge points out the need for effective access governance.
In his article he cites advice from Kelly Bissell, a principal with Deloitte & Touche, that organizations need to evaluate their data governance processes along an access control maturity model that encompasses the following concepts:
User life cycle management - a set of processes for managing user access within the environment from time of hire through termination or retirement.
Enterprise role management - processes associated with establishing a role-based structure that links applications from downstream applications to the broad enterprise, making it easier to grant appropriate access needed by users to perform their work.
Compliance management - composed of key compliance activities companies face for user access controls such as segregation of data (SoD), user access reviews, password policies, etc.
Enterprise identity and access management - a comprehensive set of processes and tools that enable security tasks for management of user identity, workflow processes, password management, and user and role administration.
Aveksa has a similar perspective. The items mentioned above are really about providing a continuous approach to managing user access across its entire lifecycle. When you combine enterprise role management and access policy automation with a set of event-driven rules, you have the ability to implement an access change management control framework. In essence, security can now become its own business process where governance is automatically embedded in the process.
The benefits that can be realized include streamlined access delivery, lower operational overhead for IT, and sustainable compliance. This approach will greatly reduce the complexity that IT organizations have to deal with when managing changes to user access across hundreds of information resources and thousands of user entitlements.