This document introduces the concept of access governance. This concept is linked to corporate business drivers around risk management, audit and regulatory compliance and explains how the Hitachi ID Identity and Access Management Suite meets access governance requirements.
Risk management and access governance
Organizations are increasingly concerned about risk. There are multiple drivers for this:
- Regulations pertaining to corporate governance, especially as this regards financial statements, such as Sarbanes-Oxley.
- Regulations pertaining to privacy protection, such as PCI-DSS, GLB, HIPAA and the EU Privacy Directive.
- Multiple well-publicized security breaches, including at RSA (key material relating to all SecurID tokens compromised), Target (payment card data relating to millions of consumers) and many others.
Since most information flows in the modern enterprise are digital, all of these risks relate in one way or another to inappropriate access to applications or data.