Governance process

Governance in IGA can be described as the set of rules and practices that an organization follows to:

• Control access: ensure that the right people have the right accesses.
• Enforce policies: implement and enforce security and access policies to protect sensitive information.
• Comply with regulations: meet legal and regulatory requirements related to data security and privacy.
• Manage users: efficiently manage the creation, modification, and removal of user accounts and their access rights.
• Monitor and audit: keep an eye on who accesses what and when, and maintain records for auditing and compliance purposes.

Governance helps organizations maintain security, compliance, and order in their digital environments.

Typical challenges which European organizations experience in relation to governance include:

• Need for always-on visibility to identities and access rights to support audits and regulatory compliance
• Costs from unused or unnecessary software licenses
• 70% of users have more access privileges than required for their job
• Identification and elimination of Separation-of-Duties (SoD) policy violations
• Prevention of unwanted data exposure and breach of information 
• Easy identification of high-risk users
   

Efecte IGA provides use cases and capabilities which address the previous challenges:

• Ready -made reports that provide transparency to customers’ current directories’ user -, account - and group – information. Customers have the flexibility to create own reports. 
• Identification and removal of unused or unnecessary accesses. 
• Access rights re-certification: an IT control that involves auditing user access. rights periodically, to determine if they are correct and adhere to internal policies and external regulations.
• Identification and prevention of toxic combinations to avoid access rights combinations which can lead to fraud and theft of information.
• Password management; management of IGA users; locking of user accounts; and reconciliation to flag and correct differences between IGA and customer directories.
• Risk level calculation done per user for re-certifications and auditing.
   

The following figure shows the Governance use cases in Efecte IGA across different modules. For example, reporting, password management, account management, risk level, toxic combinations, reconciliation, recertification and lock user account.