An extremely useful tool to ensure that your access rules are being maintained across the enterprise.
-- Julian Ashbourn - October 2006 SC Magazine.
In a typical organization, where large numbers of users are hired, moved around and terminated every year, over time many users acquire more security entitlements than they require:
Excess entitlements represent a serious security problem: users with too many rights may violate separation of duties rules, and may be able to see data or make changes inappropriate to their job responsibilities.
Orphan and dormant accounts are especially attractive to intruders: nobody will notice if they are compromised.
Access Certifier is designed to address the problems of privilege accumulation quickly and simply. Unlike previous approaches to this problem, Access Certifier does not require costly role engineering or user classification. Instead, Access Certifier harnesses the business knowledge of key stake-holders to identify and remove inappropriate security rights.