Identity Management Blog

Part 1 of this 3-part article set the stage by defining access governance in general, and with a focus on cloud applications. In this second part, we look at the scope of access governance and some of the unique challenges that cloud applications rise.
Read More
In working with some of our clients recently, I have engaged in discussions with them concerning their Identity and Access Management (IAM) strategies in light of compliance and risk mitigation, and the topic of Access Governance has been front and center of the discussion. Since this is a timely and relevant issue for many organizations, I feel compelled to share my point of view.
In Part 1, we discussed the reasons why role management is important as part of IAM, and also discussed why we believe you have to embrace role management, it is already part of your IAM initiative, whether you like it or not. In this piece, we want to provide some suggestions and advice on how to go about managing roles.
During our advisory services engagements, the topic of role management always comes up as one would expect, and it quickly turns into a room divider. Some clients consider role management as a utopian approach to identity management that consumes multiple cycles yielding limited results; others passionately embrace it, often to the point where it conflicts with taking action in other Identity and ...
Based on feedback received from nearly 100 IAM projects (and counting), it's abundantly clear to us that organizations that have taken the up-front time to set-up an IAM Governance Body prior to detailing the specifications of the solution are typically far more successful than those that have chosen to 'play it by ear.'  Unfortunately, too many organizations shy away from establishing an IAM ...