Challenges / Solutions Privilege accumulation
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+

Privilege accumulation

Business Challenge
Hitachi ID Access Certifier Solution

Over time, most employees and some contractors move from job to job. As employee responsibilities change, so do their required access to systems and applications.

Users can be counted on to request and acquire entitlements they need to do their job. Unfortunately, they cannot be relied on to ask for no-longer-needed entitlements to be removed. Most users:

  • don't understand the technical details of entitlements.
  • prefer to retain entitlements, in case they are needed again.

Reliable entitlement acquisition combined with unreliable entitlement removal mean that users tend to accumulate unneeded entitlements over time. This creates security exposure, as no-longer-needed entitlements may be abused.

  • Access Certifier is an effective tool to periodically review the access rights held by each user and to flag inappropriate access rights for termination.
  • Access Certifier invites managers, application owners and data owners to review entitlements within their domain of responsibility and either accept or reject each one.
  • Whereas users can be counted on to request new entitlements, Access Certifier can be counted on to request that old entitlements be re-examined.

Access Certifier acts as a counter-balance to reliable entitlement acquisition business processes by periodically inviting responsible parties to review current entitlements and request removal of those which are no longer needed.