05 May Access Certification: “In God we trust, all others must bring data”
This famous quote has been attributed to W. Edwards Deming, and for data analysts it captures their underlying “data-driven decisions” belief. Data is key for organization to improve efficiency, performance and to gain insights from information, in order to compete and lead the change.
The quote is especially relevant to Identity Governance and Administration (IGA) people, dealing with Access Data and Access Certification, where the access trust model is based on Access Certification of user’s Access Data.
Access Certification is a periodical review and validation of user access (roles, accounts, entitlements, permissions) to resources / applications, to ascertain assigned access is correct and remediate inappropriate or excessive access.
Access Certification solutions empowers organizations to effectively meet audit and compliance requirements and improve its overall risk posture.
The goal of automated Access Certification process is to provide simple interface, efficient processes for business managers and resource owners to improve the efficiency and effectiveness of certification campaign.
Excel driven Access Certification – automated, simple, familiar and efficient
Confluxsys Identity Analytics Platform (IAP) leverages your existing IAM (Oracle Identity Governance – OIG) investments to reduce rubber stamping, time and cost of running certification campaign, by providing simplified and familiar (excel-like) user experience.
IAP enables users to perform review using workbook/spreadsheet interface, by combining certification tasks from multiple reviews in a campaign; without losing the details of “current and context information”.
IAP utilizes the familiarity and logical approach of excel spreadsheet for reviewing and recording access decisions; while doing away with laborious, error-prone and in-consistent (traditional) creations process.
IAP’s intuitive and familiar interface with all the required contextual information in one place has helped our customers combine review and complete review in half the time of previous certification campaigns.
“Bringing data” – Access Data Collection
Now to the part of “bringing data”, for Access Certification or IGA, this process is called as Data Collection. Access Data Collections is the pre-requisite for coverage of wider IT asset Access Certifications, and staying in compliance.
While the proliferation of organizational resources / applications (connected & dis-connected systems, across on premise and cloud) has led to large Identity and Access Data stores, the technical solutions to Collect and Analyze these Access Information is still catching up.
Access Data Collection and Application On-boarding to Identity Governance and Administration (IGA) Platforms, continues to be time, cost and resource intensive tasks for organizations. The Access Data Collection is highly depended on application / domain knowledgeable and competent resources.
Access Data Collection involves Access Data Quality analysis: data analysis, data cleansing, modelling and mapping to IGA data model, information enrichment and control.
Confluxsys Identity Analytics Platform (IAP) provides an Access Data Owner driven approach to upload Application accounts, entitlements, permissions, and perform Data Quality Analysis – validate, correlate, analyze, cleanse & reconcile, prior to the start of Access Certification. IAP allows Data Owners to manage/enrich entitlement catalog, risk-scores without direct involvement of IT team. IAP enables Application Owners to upload access data in an “as is” data model and improves data quality by providing immediate data analysis feedback.
Confluxsys IAP is helping our customers by enabling Application Data Owners to drive Access Data Collection process: review and resolve data quality issues and enrich entitlement data with business information (catalog enrichment).
The solution helps with much faster rate of Application on-boarding to Identity Governance and Administration (IGA) Platforms, minimize identity fragmentation and reduce cost and risk with closed loop remediation.
Data Quality and Analytics
Data Quality is essential for Identity Governance and Administration (IGA) and Access Certification process. In order to extract business value from Access Data collected using the Data Collection process, it must be processed, analyzed, controlled and enriched.
The goal is to use Analytics to improve the efficiency and effectiveness of Access Certifications process and provide business with reports and trends that can further enhance IGA automation.
Confluxsys Identity Analytics Platform (IAP) performs Data Quality Analysis – normalize, validate schema and syntax, entity relationship (account to entitlement), correlate and verify User and Account Status, transform, compute change, analyze, cleanse & reconcile, prior to the start of Access Certification. IAP improves data quality by providing immediate feedback and performing analytics on the uploaded data. IAP provides Data and business owner with a simple interface to enrich entitlement data with business information (catalog enrichment).
IAP ensures data integrity and auditability and allows Access Data Owners to review/approve the uploaded data based on certain threshold conditions (ex. % of changes, % of failures/warnings) prior to data being published or reconciled to IGA platform. Validation rules are configured at global and application specific level. Validation rules can be configured on access data for unique constraints, format (email, phone number etc.), not-null.
Confluxsys Identity Analytics Platform (IAP) is helping business on-board application to IGA platforms and stay in compliance. IAP puts Application Owners in-charge of Access Data Collection: review and resolve data quality issues and enrich entitlement data with business information (catalog enrichment). IAP Access Certification utilizes the familiarity and logical approach of excel spreadsheet for reviewing and recording access decisions, without losing the details of “current and context information”.