To complement his presentation on “Governing Access – Why should anyone have access?” at this year’s INVOLVE 2022, André Koot, IAM expert at SonicBee, recommends the whitepaper “Identifying the stakeholders in Access Governance.”
Abstract:
Identity and Access Management (in short IAM) is a well-known topic in the domain of information security. Though it may be well known, that does not mean that it is well understood. Most IAM projects are defined as IT projects, caring about provisioning users via an onboarding process and deprovisioning them when they leave the organization. And after creating accounts for employees and customers, authorizations are granted, based on the role or position of a person. The problem is that organizations neglect the accountability of several relevant stakeholders. The wrong people are made responsible for granting access to resources, systems, files and services.
This is where Access Governance comes into play. And therefore, we need to explain what types of stakeholders must be involved in access control decisions. Without defining the right accountability for access control decisions, an organization simply is not in control. The access governance model introduced in this article enables an organization to clearly identify what access decisions have been made and who is accountable for those decisions.
NEXIS 4, as an IAM software, provides the controls described in the whitepaper and is used by SonicBee to perform authorization analysis based on the principles described.
To read the full whitepaper, please download it below.
Please follow these links for further information:
- iDPro Body of Knowledge: https://idpro.org/body-of-knowledge/
- English article on the topic of “Role owner”: https://idpro.org/everybody-wants-to-be-responsible-nobody-wants-to-be-accountable/