Identity governance is the policy-based coordination of user identity management and access control. It’s crucial to both IT and regulatory compliance. Why is it so important?
“The world of governance is about who has access to what, who should have access to what, and are they using it correctly.” – Mark McClain, CEO of SailPoint
In a rush, users are often granted more access levels than what they need in order to complete their tasks. This could be because access approval was put on the shoulders of someone who holds a position of oversight but has no real involvement with the user, to begin with.
A study by Veronis showed that 30% of companies leave over 1,000 folders open to all employees.
Our experts suggest giving out access sparingly. Starting someone with the minimum level of access they need to do their job is your safest bet.
But the real challenge is that users are not a stagnant piece of data. Employees are constantly coming and going, being promoted, or demoted. So reviewing access control is as crucial as handing it out. Put a system in place to routinely review access levels and ensure those are still functioning well from a security standpoint.
Often a past employee’s accounts are left open for fear of causing some other administrative issue. But when such accounts are not disabled, we’ve only created another door to sensitive information.
You Might Find These Articles Interesting: