Users move through organizations, and as they do so they require new access rights and no longer need old ones. Users can be counted on to request new access rights, as without them they cannot do their jobs. Unfortunately, users never call IT support to ask for old rights to be revoked. Consequently, users accumulate rights over time -- the more often their role changes, the more rights they retain.
- Role-based access control can link access rights to a user's responsibilities, simplifying both adding new and revoking old rights.
- Access certification is used to periodically invite business stake-holders to review user rights and identify no-longer-needed ones to revoke.
- Hitachi ID Identity Manager can compute risk scores to identify the users who can cause the most harm and who should consequently be subject to the most stringent controls.
Using Identity Manager, organizations can efficiently identify and remove excess rights, to minimize access risk.