Roles, Recertification, Access Governance: The Lean Approach

Roles, Recertification, Access Governance: The Lean Approach

Identity Management, Access Management and Access Governance are vital elements of an IT strategy laying the administrative foundation layer for achieving strategic goals. These goals include:

• The efficient management of user access to corporate resources and
• Evidence of compliance to legal and regulatory requirements, such as the Sarbanes-Oxley act or national data protection legislations.

Experience shows that currently implemented solutions and architectures for the management of corporate identities and their access to resources tend to be overly complex, require substantial manual efforts and lack flexibility.

But flexibility is key when organisations of all types face fundamental changes. And it is key especially for both of the above given goals when the only constant factor is change. This includes changing requirements resulting from changing markets, changing business models and product strategies, from changing legal and regulatory requirements and organisational changes from restructuring to mergers and acquisitions.

In this workshop we will look at changing and increasing requirements, diverse and sometimes contradicting strategies for shaping and assigning access rights while maintaining compliance to regulatory and legal requirements.

Swiftly assigning the right access to the right people gets more and more important, and empowering the users’ expertise might be the decisive factor for agile companies succeeding against competitors. Next generation access management and access governance will most definitely look different from today’s existing complex role designs with scheduled access recertification campaigns and provisioning cycles that taken days instead of instantaneous access when required and approved.

This workshop will illustrate that the role of access management and access government is currently shifting from being an “internal IT and administration thing” to becoming a vital component of an overall technology strategy providing an important operational foundation layer for modern businesses, while ensuring security and governance far beyond the requirements by regulators and legislation.

Attendees will learn about:

• Lean role design principles
• Attribute-based access control
• Complementing role design with access risk assessments
• The deployment of a sureccess automation and access analytics
• Strategies for leveraging organisational knowledge by empowering the user

To achieve this, the workshop will discuss current trends of developments in access management and governance while providing valuable information for deciding whether to transition towards leaner strategies.

Agenda

9:00 - 10:30

• Access management, role design and Access Governance: Where we are and where to go
• Access Governance: Status Quo in different sectors (Financial Industry, Telcos and others
• Requirements for a next generation access governance
• Change as the new normal
• From extended enterprise to the new ABC
• Changing legal requirements
• changing business requirements
• changing markets
• changing organizations
• changing business models
• Flexibility and agility

10:30-11:00 Coffee Break

11:00 - 12:30

• Understanding different role design approaches
• Complex, but comprehensive enterprise models
• Or lean, pragmatic approaches
• Risk and access criticality
• Flexibility and agility vs. regulatory compliance
• Full coverage vs. 80%
• Access risk assessment as part of the role design process
• Roles tend to be volatile,
• Agile role lifecycle managmement
• Reassess risk

13:30 - 14:30

• Context, risk and user empowerment
• Risk based access and dynamic authorization
• Context based authorisation and authentication
• Empowering the user
• Self service access request
• Re-Approval instead of Re-Certification
• Ask the expert: Approval by
• Line Managers
• System Owners
• Risk management
• Attribute-based role assignments
• Automation and Analytics

14:30 - 15:00 Coffee Break

15:00 - 16:00

• Best of all worlds: Getting „lean“, „pragmatic“ & „compliant“
• Gradual transitions
• Hybrid designs
• Quick wins
• Improved security
• Simplified compliance processes
• Easy adjustment to changed requirements
• Direct support for business requirements