ERAM And Access Governance: A Collision With Access Management And Organizational Security

1512

Across any organization, data is stored on file servers throughout the network. The access to this data is likely unstructured and may constitute a risk to the organization. Because managing just who may have access to this unstructured data is virtually impossible, making complying with information audits a challenge.

There are ways to brings order to this chaos and maintain an audit trail, making all access permissions visible, and obtaining recommendations about how to structure the unstructured data logically. Enterprise resource authorization manager (ERAM) technology can maintain an audit trail of all the actions in the network. For example, users who modify a file, delete it, copy it, move it etc., there is a visual record of who carried out what action in the file system and when.

ERAM can offer an overview of all access rights, including what rights a user has or the other way around, and an overview of all the users who have access to a particular file. Finally, with ERAM technology, it’s possible to regularly collect and categorize all unstructured data and access rights per user. It is then possible to make a recommendation about what access rights should be withdrawn to keep the network structured, secure and compliant.

Organizational leaders can seek clear insight into unstructured data, which Gartner estimates that more than 80 percent of business information is stored in an unstructured manner. Such technology, then, drastically reduces the complexity of access management protocols. Without it, it is impossible to guarantee that this data is effectively protected.

Such technology provides direct insight into all the access privileges relevant to the file system through the rights structure in Active Directory groups, ACLS and direct access. Likewise, this offers a detailed audit trail of the actions that each employee has performed for what file and which directory, and at what time and makes recommendations with regards to the set of rights that can be reduced based on the actual activities performed by an employee.

In essence, this type of technology is at the heart of access governance. In other words, this is the next phase in development of what was previously known as identity and access management. This, however, is the coming of the new access management sector.

Access governance is a far different breed than traditional identity management and ERAM solutions are a component of that. The solutions used to manage access rights are more comprehensive than what we’ve seen so that when managing user rights, permissions and peering into an organization. Access governance provides organizational leaders with the ability to take a deep dive into the entire goings on of the network.

In regard to security, automating operations and managing compliance and audits through access governance is now more vital to an organization’s survival. In a sense, the visibility provided into an organization through identity management solutions simply is not there across all systems. Users of IAM solutions are discovering that they need more visibility into who can access their key resources and how; they need additional layers of information so they can measure the outcomes and impacts of who might be doing what when to the organization’s information.

Access governance allows you to see everything in your organization’s systems. Everything an employee has done can be tracked, collected, organized and managed. Access governance technology means you can view all accounts from a single, consolidated vantage point. With this, you can pull together an organization’s information, such as who has access to accounts on what systems, when those accounts were last used, and even who has responsibility for approving the access provided, all while making it accessible and viewable from one place.

You can spot vulnerable accounts and cases of excessive access to determine how to resolve any potential issues. IT leaders also can perform periodic account reviews and to make ongoing decisions about who should retain, lose or be granted access to solutions or solution sets. Access governance also shows you a point of view from every system available, and an overview then can be taken to the granular level. In so doing, you can review accounts on particular systems or applications and you can examine individual employees and review their access to various resources. Access governance protocols takes on privilege creep, stale accounts, orphan accounts, and shared accounts with no one individual that can claim responsibility for their use.

Access governance and ERAM allows IT leaders to conduct security audits and can review the entire system while addressing access points. So, as access governance use expands and supplants identity management, as outlined here, lets you peer easily into the entire goings of their operation, creating unprecedented power to protect unlike any other time before.

About Dean Wiech
Dean-WiechDean Wiech is managing director of Tools4ever, a global provider of identity and access management solutions. Dean has worked with businesses for more than 10 years, helping them identify solutions that make their businesses more secure, efficient and easier to manage. He is responsible for Tools4ever’s U.S. operations and has written dozens of articles about identity and access management, security, IT audits, BYOD, the cloud and managing IT for small businesses to enterprise systems. Follow him on Twitter.
In this article