Extending User Provisioning to Access Governance

User provisioning systems emerged as administrative tools for IT security organizations struggling to manage user access in an era of rapid expansion in the scope and complexity of enterprise information resources.

In recent years, however, intensified regulatory scrutiny has pushed the requirements of access-related risk management beyond the limits of user provisioning systems. As a result, enterprises that rely solely on user provisioning platforms to satisfy their access governance objectives are expecting more from the technology than it can deliver, leaving themselves open to unacceptable levels of risk. Because of this, the identity management market is evolving into two complimentary layers:

The access enforcement layer: technologies such as access management, authorization, and user provisioning reside at this layer
The access governance layer: this layer is designed to provide visibility into who has access to what and manage the business policies and associated processes for understanding who has access to what resources, who approved that access, determining if the access is appropriate, and remediating any access rights violations.

This paper explains that user provisioning technology does not offer the enterprise-wide visibility across user entitlements that is now required for access governance, nor can it manage policy enforcement and the various processes that support it. It describes how access governance extends the reach of user provisioning’s proven value by adding and integrating additional capabilities that are critical for addressing today’s greater regulatory compliance and access risk management challenges.

Download Now