Guest Column | September 26, 2016

Access Governance And The Cloud: The Reasons Why


By Dean Wiech, managing director, Tools4ever

Access governance continues its climb toward becoming a dominant force in a growing market across a plethora of industries throughout the U.S. and beyond. Organizations are now, more than ever, investing resources in access governance solutions so they can improve process efficiency and the security of their networks without much effort. As the cloud has become more of a standard solution, business leaders must ask themselves how access governance applies to their cloud operations.

Access Governance And Its Importance To The Cloud

It’s important to fully understand exactly what access governance is and how it can help organizations of all sizes in every industry. Access governance ensures each employee within the organization has the correct access rights to the exact resources they need. This is important for employees to efficiently perform their jobs and to keep the company’s network secure. And while access management allows an organization to easily manage accounts and access, access governance creates a method to ensure and monitor that access is correct for security reasons.

How is a typical access governance solution set up to work? An organization first must create a model of the access rights for each employee role within the company. For example, someone working as a manager in the IT department will need certain access rights to systems, applications and resources that others will not need. This allows the person who is creating the account to easily do so without accidentally making any access mistakes, either giving the employee too many rights or too few rights.

Separation Of Duties

Access governance helps to ensure correct access rights according to a model, so there need to be methods in place to ensure there are no mistakes in the model. For example, in a large organization there are many different types of positions and responsibilities, many of which might overlap. There must be assurance that an employee does not have the permission to both initiate some type of request and then also accept it. Separation of duties ensures there is no conflict between usage and assignment of access rights.

Then there’s reconciliation, another way to ensure absolutely correct access rights. The reconciliation module compares the access rights as they are defined in the model with the access rights as they actually are, and creates a report on any differences found. Thus, any discrepancy found can be easily corrected.

Attestation is still another form of checking access and goes one step further in verifying everything is correct. A report is sent to the manager of a department or set of employees to verify as correct. For example, a department manager will receive a report on the access rights of everyone in her department. She will need to look over the report and either mark access rights for deletion, change access rights directly, or create a ticket in the helpdesk system to change the access rights. After looking everything over, the manager must give final approval for the proposed set of changes to ensure everything is correct.

Access Governance In The Cloud

Why is access governance important for all applications throughout a company? As the number of employees working remotely increases, so does the number of users of cloud applications. In turn, this means there need to be ways of ensuring security for these types of applications and for employees who are not working physically in the office.

When an employee is first hired at the company, it is not uncommon for him or her to accidentally receive too many rights, or to acquire them over time by working on projects and never having them revoked. These access rights are frequently overlooked, especially for cloud applications. Access governance solutions ensure access rights are correct across the entire organization, from in-house applications and cloud applications to even physical resources, such as cell phones. This allows all access to be monitored across the entire organization.

Here is what a typical situation would look like in an organization with a variety of applications. A new employee is hired in the finance department as a senior accountant and needs accounts and resources created so he can begin work. Based on the model the company set up, the employee will automatically receive a Coupa cloud account, QuickBooks, access to the finance share drive and an email address. The organization’s rules are then set up so that once a quarter the finance manager receives a report of all of the employees in the department and the access that they have, including the new senior accountant. A few months later the manager sees that the senior accountant has access to an application that he was using for a project that is now completed. The manager can easily tag the access to be revoked and ensure that it is done right away.
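
The reconciliation and separation-of-duties checks described earlier, applied to a scenario like this one, as an added example that is not part of the original column or of any vendor's product. The role names, user names and the project_app, po_request and po_approve entitlements are constructed for illustration.

```python
# Added illustration; all roles, users and entitlement names are constructed.
ROLE_MODEL = {
    "senior_accountant": {"coupa", "quickbooks", "finance_share", "email"},
    "ap_clerk": {"email", "po_request"},
    "ap_approver": {"email", "po_approve"},
}

# Entitlement pairs no single person (or role) may hold together:
# initiating a request and accepting it.
SOD_CONFLICTS = [("po_request", "po_approve")]

# Constructed export of what each account can actually reach today.
ACCOUNTS = {
    "accountant1": {"role": "senior_accountant",
                    "access": {"coupa", "quickbooks", "finance_share",
                               "email", "project_app"}},  # finished project
    "clerk1": {"role": "ap_clerk",
               "access": {"email", "po_request", "po_approve"}},
    "approver1": {"role": "ap_approver", "access": {"email", "po_approve"}},
}


def reconcile(model, accounts):
    """Compare modeled access with actual access; report only differences."""
    report = {}
    for user, acct in sorted(accounts.items()):
        expected = model.get(acct["role"], set())  # unknown role: all is extra
        extra, missing = acct["access"] - expected, expected - acct["access"]
        if extra or missing:
            report[user] = {"extra": sorted(extra), "missing": sorted(missing)}
    return report


def sod_violations(grants, conflicts):
    """Return (holder, a, b) for each holder granted both sides of a pair."""
    return [(holder, a, b)
            for holder, access in sorted(grants.items())
            for a, b in conflicts
            if a in access and b in access]


if __name__ == "__main__":
    # The model itself must be conflict-free before it is used as the baseline.
    print("model conflicts:", sod_violations(ROLE_MODEL, SOD_CONFLICTS))
    actual = {user: acct["access"] for user, acct in ACCOUNTS.items()}
    print("account conflicts:", sod_violations(actual, SOD_CONFLICTS))
    for user, diff in reconcile(ROLE_MODEL, ACCOUNTS).items():
        print(user, diff)
```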

Since today’s organizations have many different types of applications, several types of employee working situations (traveling, working in the office or working remotely) and varying types of resources, both tangible and intangible, it is important that an access governance solution works with all of these situations. Organizations are willing to invest because access governance solutions ensure security while also allowing employees to remain productive and, in the long run, saving the company money.

Dean Wiech is managing director of Tools4ever, a global provider of access and identity governance software and solutions.