This document introduces the concept of access governance. This concept
is linked to corporate business drivers around risk management, audit
and regulatory compliance and explains how the Hitachi ID Identity and Access Management Suite meets access
Risk management and access governance
Organizations are increasingly concerned about risk. There are multiple
drivers for this:
Regulations pertaining to corporate governance, especially as this
regards financial statements, such as Sarbanes-Oxley.
Regulations pertaining to privacy protection, such as PCI-DSS,
GLB, HIPAA and the EU Privacy Directive.
Multiple well-publicized security breaches, including at RSA (key
material relating to all SecurID tokens compromised), Target (payment
card data relating to millions of consumers) and many others.
Since most information flows in the modern enterprise are digital,
all of these risks relate in one way or another to inappropriate access
to applications or data.