1 Introduction

Access Governance & Intelligence is an IAM focused risk management discipline that facilitates business involvement in the overall management of access rights across an organization’s IT environment. Access governance provides necessary (mostly self-service) tools for businesses to manage workflows and access entitlements, run reports, access certification campaigns, and SOD checks. Access intelligence refers to the layer above access governance that offers business-related insights to support effective decision making and potentially enhance access governance. Data analytics and machine learning techniques enable pattern recognition to deliver valuable intelligence for process optimization, role design, automated reviews, and anomaly detection.

Access governance concerns the access mechanisms and their relationships across IT systems and is instrumental in monitoring and mitigating access-related risks. These risks most commonly include information theft and identity fraud through unauthorized changes or subversion of IT systems to facilitate illegal actions. During the last few years, many major security incidents originated from poorly managed identities, which established the need to address these issues across all industry verticals. Data thefts, loss of PII (Personal Identifiable Information), breach of customer’s privacy, and industrial espionage are becoming common security risks in virtually every industry today.

Access Governance, an IAM focused risk management discipline, focuses on providing answers to a few key questions such as:

• Who has access to what and why?
• Who has approved that access?
• Are there any orphan accounts?
• Are there any dormant accounts?

These questions can be answered through a set of access governance functionalities, which includes warehousing access information from different systems, providing controls for attestation and recertification processes, auditing, reporting, and monitoring capabilities. In turn, these capabilities invoke active management of preventive controls to identify and mitigate the access risks. Additional aspects are data analytics for pattern recognition to drive process automation, effective role management, anomaly detection, and other access intelligence capabilities.

Another challenge today is that most organization IT data, applications, and services are spread across both on-premises and cloud environments. Inevitably there will still be business use cases that will ensure some IT data, applications, and services remain on-premises. In contrast, other use cases will drive the need to use cloud infrastructure and services, ensuring that this hybrid environment continues for the foreseeable future. Access governance solutions need to support both on-premises and cloud environments, which in many organizations are spread across multiple cloud vendors, in this hybrid reality. Many organizations also face the challenge of migrating from a data center to the cloud with a multi-cloud strategy. A multi-cloud strategy uses two or more cloud computing services such as AWS, Azure, and GCP.

SecurEnds addresses these challenges and risks through user access governance with its Credential Entitlement Management (CEM) solution. CEM leverages AI to automate user entitlement reviews across a wide range of applications and systems.