Redefining Access Governance: Going well beyond Recertification
When looking back at the evolution of Access Governance, this is a history of change and rapid innovation. From the days of “Enterprise Role Management”, before the term Access Governance even was known, to common marketing terms like IAG (Identity and Access Governance) or Access Intelligence, a lot has happened. Virtually all major players have entered this market. Products became more mature. Access Governance has replaced Identity Provisioning as the typical starting point for IAM (Identity and Access Management) initiatives. It delivered at least partially at the promise of a business instead of an IT tool. Advanced analytics are on the rise.
Nevertheless, Access Governance still hasn’t reached its final maturity level. It is still a relatively new segment and KuppingerCole expects to see massive innovation over the course of the next few years. Given that Information Security is facing new challenges in these days of the Computing Troika (Cloud, Mobile, Social Computing), given that more and more access is based on system-to-system communication (The API Economy) and resulting in the fact, that Dynamic Authorization Management and risk-/context-based authentication and authorization must and will gain massively on momentum, Access Governance is facing new challenges. It is about going beyond traditional, static role-based approaches. It is about integration with other GRC products. It is about integration with Service Catalogs. There are far more challenges Access Governance is facing.
Martin Kuppinger will define and prioritize these challenges and show how Access Governance can and should mature. He will talk about maturity levels for Access Governance. He will provide criteria for picking the Access Governance solution of choice, depending on the short-term priorities but with a longer term evolution in mind. And he for sure will also have a look at the brand new KuppingerCole Leadership Compass on Access Governance. This will be the session which gives you the information you need to make sustainable investments will also having some quick wins. It is a must attend session for all: Customers planning to start with Access Governance, customers rethinking their Access Governance investments, system integrators, and vendors thinking about their product roadmap.
Access Governance: How to Govern all Access
Access Governance is a key building block in IAM (Identity and Access Management) deployments and as part of IT GRC. However, traditionally Access Governance focuses on managing access based on roles and thus on static assignments. It frequently lacks tight integration with Privilege Management for highly critical IT users like root, system accounts, or shared accounts. It also typically lacks support for managing business and security rules within Dynamic Authorization Management, for instance for XACML-based systems. However, managing not only roles but also rules consistently, with well-defined workflows for definition and approval, and managing all types of accounts appears to be increasingly important for customers. Other major trends are around Data Governance, i.e. a deeper view on systems holding less structured information like file systems or Microsoft SharePoint. And there is still the discussion about the level of integration with target systems: Shall Access Governance fully include Identity Provisioning? This panel will look at the future trends in the market around expanding Access Governance to all types of access and to support for direct reconciliation.