Five Critical Tenets of Identity and Access Management When it comes to actually managing user access, we often find a huge governance gap between business and IT. While internal IT organizations provide the physical access to those files, the management of the business is in charge of determining who should have access to applications and […]
Five Critical Tenets of Identity and Access Management
When it comes to actually managing user access, we often find a huge governance gap between business and IT. While internal IT organizations provide the physical access to those files, the management of the business is in charge of determining who should have access to applications and files. More often than not, businesses don’t do a very good job of managing that gap as roles across the organization change. In fact, it’s within that gap between IT and the business that auditors most often find compliance issues.
To help organizations better address such governance issues, IBM has acquired CrossIdeas, a provider of analytics software that specifically identifies user access to files, applications and systems either on premise or in the cloud.
Ravi Srinivasan, director of IBM security strategy and product management, says most organizations today don’t have a simple way of identifying which users can access particular IT resources. People are granted access when performing one role, but when that role changes, no one in the organization is specifically charged with making sure that the access privileges they needed for the previous job are decommissioned. The end result is a panoply of potential compliance issues that could result in high auditing fees or lead to real fines when those issues are discovered by a regulatory agency.
CrossIdeas, says Srinivasan, eliminates that stress on the organization by allowing IT to discover which user has access to IT resources in minutes. Armed with that information, IT staff can address those issues before an audit, or the auditor can invoke CrossIdeas to dramatically reduce the amount of time it takes to actually conduct the audit, says Srinivasan.
Srinivasan also says that the data from the CrossIdeas analytics applications can be shared with other applications, such as human resource systems, via application programming interfaces (APIs).
The biggest issue with compliance is that in most organizations, no one is really accountable for managing user access on a tactical level. There is no shortage of chief risk officers, but the daily routine of changing assignments and roles within an organization goes on without much regard to the compliance issues involved. Changing that behavior can be a gargantuan task. But by applying analytics, the pain associated with unraveling the potential compliance mess can be reduced.
Michael Vizard is a seasoned IT journalist, with nearly 30 years of experience writing and editing about enterprise IT issues. He is a contributor to publications including Programmableweb, IT Business Edge, CIOinsight and UBM Tech. He formerly was editorial director for Ziff-Davis Enterprise, where he launched the company’s custom content division, and has also served as editor in chief for CRN and InfoWorld. He also has held editorial positions at PC Week, Computerworld and Digital Review.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
