Access Rights Review
A powerful process to reduce risk
The most common alternative to the term “access certification” or “access review” is “attestation”. Attestation is an ongoing review and confirmation process that helps enterprises reduce risk by:
- Correlating users with their access to systems and applications
- Evaluating the risk associated with that access
- Reviewing access deemed as risky or inappropriate
In practice, the enterprise distributes lists of people, their accounts, and the entitlements of those accounts (also known as ‘access’) to different constituents (often line-of-business managers and application owners) for review. The participants in this process decide whether access is appropriate, and thus should be retained, or inappropriate, and thus must be removed.
Access certification is a powerful process whose primary goal is the reduction of risk. This goal can be accomplished in direct and indirect ways. Access certification directly reduces risk by addressing threats associated with excessive access, such as over-privileged users and toxic combinations of access. Revoking inappropriate access removes potential threats to the organization. Access certification indirectly reduces risk by transferring some responsibility to the individual. Participants in the access certification process are charged with evaluating the risks associated with the access they review, and they are held responsible for their evaluations.
Deep Identity offers access certification not only of users but also of roles, both business and technical. While user access certification limits who has access to what, role attestation concerns the aggregation of access independent of any particular user. Both kinds of attestation have their own advantages and uses in an enterprise.