Access governance is currently one of the hottest topics when it comes to organizations securing their networks and data. Data breaches from outside hackers has always been big news – consider the coverage of the Target and Sony hacks, just to name a few of recent years. These external breaches gather a lot of attention because they affect the personal data of millions of people. Insider hacks, or data breaches by employees and contractors, also happen with alarming regularity but tend to be less newsworthy as companies are quite often happy to keep it as quiet as possible.
This insider threat is what had led to access governance being so topical. Undoubtedly, employees, consultants and contractors need access to applications and data to perform their jobs and complete projects. The key to access governance is ensuring that users have the correct access to applications and data from the approved devices that are used at the right times. To ensure that employee access rights are correct, and stay that way, it is important to have the right modeling in place. The model should be as simplistic and feasible yet thorough enough to minimize disruption to the employee and the IT staff.