Enforcing Segregation of Duties through Provisioning and Attestation
The ever-increasing complexity of regulatory frameworks require risks from internal fraud, data manipulation and theft of intellectual property to be managed, measured and quantified, thus pushing identity management towards governance, risk management and compliance (GRC). Currently, there is a paradigm shift visible in the management of identity risks. Traditional user provisioning solutions are dealing proactively with enforcing policies for access rights. However, the implementation of such provisioning solutions often is a tedious task and not focusing on the business-driven compliance issues. Therefore, customers ask for tools which enable risk modelling, attestations and remediation without the requirement for complex provisioning projects. Such tools work with data of existing identities and IT resources in the corporate applications.
Both approaches have their pros, so best would be to ear synergies from both of these approaches. This panel brings together experiences on bridging the gap between technical user provisioning solutions and the need for business-oriented information on the risk management side from several different projects in the finance industry.