Policy Violations - Hitachi ID Access Certifier

Business Challenge

In many organizations, policies stipulate what entitlements users should or should not have. The most common form of policy is segregation of duties -- sets of entitlements that should not be concurrently held by the same user. Other policies may be more complex -- for example, only users with characteristic X may be assigned entitlement Y.

Where there are many users, many systems and applications, and many policies, enforcement can be difficult. Many users may be in violation of policies, in most cases because they accumulated entitlements over a long time as their responsibilities within the organization evolved.

To comply with security policies and various regulations, most organizations must find and either remove policy violations or at least approve them as reasonable exceptions.

Hitachi ID Access Certifier Solution
  • Access Certifier can be used to find users who violate policies such as segregation of duties rules and ask business stakeholders to either approve or correct the violations.
  • Access Certifier can also be used to compare actual user entitlements to the entitlements predicted by the roles assigned to users, again either accepting or correcting any deviations.
  • In cases where policies are unwritten -- or at least not defined in any automated system -- Access Certifier nonetheless invites business stakeholders to review user rights and comment on their appropriateness, accepting or rejecting individual entitlements.

Where policies are programmed into the system, Access Certifier can be used to find and either correct or approve violations. In other cases, Access Certifier invites business users to apply their contextual knowledge to accept or reject individual entitlements.

Read More:

  • Incomplete Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies.
  • Privilege Accumulation:
    Over time, as users move through an organization, they accumulate new privileges and retain older, no-longer-needed rights.
  • Lack of Accountability:
    There is often no history indicating who approved security privileges and when they were last reviewed.
  • Auditing User Entitlements:
    Auditing user privileges that span multiple systems.