Access certification and compliance controls help companies define and enforce user access policies, such as separation-of-duty (SoD), and automate the process of reviewing user access rights across the organization. They do this by initiating periodic or event-driven campaigns in which authorized business users approve, revoke or modify access as part of a centralized identity and access governance program.
Access certifications are an ongoing process in which line-of-business (LOB) managers and designated approvers review who has access to what, to confirm that each user or role has access only to the resources necessary to perform their job function. In doing so, organizations prevent users from accumulating unnecessary privileges and decrease their risk profile.
Accordingly, the risk mitigation benefits of access certification are only as good as the care approvers take in examining access rights. Access certification efforts often suffer from the rubber stamp syndrome, in which a manager or approver bulk-approves all access rights presented in a review by “selecting all” and clicking “approve.” One common reason for rubber stamping is that approvers are constantly swamped with too many access certification requests. This can be avoided by implementing Identity Analytics that gauge usage of business roles and entitlements as well as measure the risk levels of entitlements that should be reviewed more frequently by the appropriate individuals. Also, by implementing automated provisioning of birthright roles, an organization can streamline the access required by each job function and “normalize” highly technical terms into business speak so that reviewers can better discern what access is appropriate for each user.
Avoiding access certification “fatigue” is critical, as many organizations want to review everything all the time. Many organizations that have realized the power of productive automated access certifications are tempted to extend the certification reach to ensure compliance. By implementing automation in the access request and provisioning process, along with enforcing SoD policies, Anomalix IdGenius clients are performing fewer and fewer access certifications, while improving security and compliance auditing and reporting.