
Privilege Accumulation - Hitachi ID Access Certifier

Business Challenge

Over time, most employees and some contractors move from job to job. As employee responsibilities change, so does the access they require to systems and applications.

Users can be counted on to request and acquire entitlements they need to do their job. Unfortunately, they cannot be relied on to ask for no-longer-needed entitlements to be removed. Most users:

  • don't understand the technical details of entitlements.
  • prefer to retain entitlements, in case they are needed again.

Reliable entitlement acquisition combined with unreliable entitlement removal means that users tend to accumulate unneeded entitlements over time. This creates security exposure, as no-longer-needed entitlements may be abused.

Hitachi ID Access Certifier Solution

  • Access Certifier is an effective tool to periodically review the access rights held by each user and to flag inappropriate access rights for termination.
  • Access Certifier invites managers, application owners and data owners to review entitlements within their domain of responsibility and either accept or reject each one.
  • Whereas users can be counted on to request new entitlements, Access Certifier can be counted on to request that old entitlements be re-examined.

Access Certifier acts as a counter-balance to reliable entitlement acquisition business processes by periodically inviting responsible parties to review current entitlements and request removal of those which are no longer needed.

Read More:

  • Incomplete Deactivation:
    Access deactivation can be slow, unreliable or incomplete.
  • Policy Violations:
    Manual security administration leads to users whose access profiles violate corporate policies.
  • Privilege Accumulation:
    Over time, as users move through an organization, they accumulate new privileges and retain older, no-longer-needed rights.
  • Lack of Accountability:
    There is often no history indicating who approved security privileges and when they were last reviewed.
  • Auditing User Entitlements:
    Auditing user privileges that span multiple systems.