I will start today here a new series of posts that will collaborate on spreading the most important definitions around the immense world of Information Technology (IT). These definitions appear regularly in the website WhaIs.com, which is one among a vast collection of sites called TechTarget, that features topics such as Cloud Computing, Information Management, NetworkingIT, CIO and Data Science.
Today’s first contribution is the definition of Access Governance, an important topic for modern enterprises when it comes to proper standards of who, why and when is it appropriate the access to information in an organization:
Access Governance (AG)
Access governance (AG) is an aspect of information technology (IT) security management that seeks to reduce the risks associated with excessive access rights, inactive users and orphan accounts. In the enterprise, an important goal of access governance is to reduce the cost and effort that’s involved in overseeing access management procedures and policies and help the organization meet compliance and security standards.
The need for access governance has grown in significance due to an increased emphasis on risk management and regulatory compliance, as well as a growing sensitivity to the possibility of insider threats and a heightened awareness of information as a valuable business asset. Effective access governance requires software tools that can help access risk, track access, simplify reporting, validate change requests and automate the enforcement of role-based access control (RBAC) policies. Many access governance software applications combine access control (AC) with identity management capabilities, enforcing a standard set of access rights for business roles while remaining flexible enough to accommodate the needs of super users. Because the software provides transparency, it becomes easier for managers to spot privilege creep and enforce the principle of least privilege (POLP).
In some organizations, the responsibility for access governance is shared by managing members of the organization’s information technology, business and legal teams. Because privileged users continue to serve as a primary vector for security breaches, it’s important for managers to have visibility into access and work together to mitigate risk and decrease the organization’s attack surface. When access governance becomes a cross-departmental effort, the organization becomes better at staying on top of changing regulatory requirements, overseeing internal policies and conducting access reviews and recertification on a regular basis.
Featured Image: FORCE 3’S RAMON THOMAS FEATURED TECHTARGET COLUMN