The sector is quickly evolving from a series of single solutions that provide access management to individual employees, to solutions that monitor access and permissions across an organisation’s entire spectrum. Put simply, traditional IAM (identity and access management) is evolving into access governance.
How do we differentiate between traditional IAM and access governance? Access governance can be described as governing access across an organisation, driven by policy and procedure, it involves greater security and tighter controls.
Traditional identity and access management, however, is singular in focus. One person is given rights and access based on a singular permission for a needed task or role.
So why are we seeing this evolution towards access governance? Computer World suggests that the rise in its prevalence is due to “increased emphasis on regulatory compliance, growing awareness of and sensitivity to insider threat, and a heightened concern for overall IT security.”
Organisations worldwide need increasingly better insight into who is using their systems and resources, when, how and why. Access governance is foundational to this trend and will likely receive the lion’s share of the headlines in the months and years to come.
The sector also will become much more involved in organisational security. Historically, identity and access management had been focused on passwords and basic rights management.
Solutions maintained modest functions as keepers of passwords and re-setters of information. Whilst security has always been a tenet of the solution set, ease of use to access and data was more the central point.
No more; the mission has changed and the sector is now much more focused on ensuring proper access to protected data – this is throughout the entire makeup of the organisation.
In large part, this move is dominated by the regulations imposed by governing bodies. Operating a robust access governance policy affords organisations the ability to better monitor their environments, protect against nefarious activity and report these findings in case of audit.
Read more on cyber security:
- Cyber attack costs reinforce the need for investing in IT talent
- Tricks of the trade to avoid cyber scammers
- Security of personal data – are you complying with your obligations?
Not only is their function changing, but so has their delivery. Cloud has become king, but that doesn’t mean that living in the land of on-premises doesn’t continue to have its benefits. With the explosion of cloud usage, better access and provisioning is required to manage and protect the data that resides there.
Access governance solutions must (and most are) responding in kind to secure these platforms. The catch here is that provisioning systems must be able to manage the requirements of cloud data operation while also serving on-premiss environments.
Does the cloud mean the end of on-premises access governance solutions? In short, no. On-premises solutions will remain vital and will share a crucial space with the cloud world, being as symbiotic as crops and rain.
In a nutshell, we’re witnessing maturing of existing technology and strengthening of cyber security policies, helping organisations and government save billions of pounds while providing a seamless and secure experience to users.
As we continue to move forward in this sector, we’ll see organisations take an even more robust stance on completely integrated access governance systems.
Those organisations establishing an access governance infrastructure must create a pulse within the organisation for doing so, a process that needs to encompass all channels.
The increased use of this technology should improve the password process leading to minimal friction and advanced access capabilities.
Big times ahead for the industry and no small achievement for the gains we are making.
With continued developments in cyber security and hacking, one startup launched a service to protect victims of revenge porn.
Robert Doswell is managing director at Tools4ever UK, which supplies a variety of software products and integrated consultancy services involving identity and password management, and more.
Share this story