Technical Field
This disclosure relates generally to the field of digital resource access, and more particularly to risk-based computer recertification of online access.
Background of the Related Art
Identity and Access Management Governance is a set of processes and policies for organizations to manage risks and maintain compliance with regulations and policies by administering, securing, and monitoring identities and their access to applications, information, and systems. Although potentially complex in implementation, the concept of Identity and Access Management (IAM) Governance is fairly straightforward: determine who should have access to what resources and who should not, according to government regulations, industry-specific regulations (SOX, HIPAA, GLBA, etc.), and business regulations and guidelines. Typically, key aspects of IAM Governance include access request governance, entitlement certifications, reports and audits, and analytics and intelligence (including role management, entitlement management, separation of duties enforcement, and privileged identity management). An end-to-end IAM Governance solution may also provide related functions, such as access enforcement, user provisioning, password management, and user lifecycle management.
Identity and access management (IAM) systems protect enterprise data and applications with context-based access control, security policy enforcement and business-driven identity governance. These systems may be operated in a standalone manner, in association with cloud-based environments, or in hybrid environments.
Automated systems for IAM health checking detect identity-centric risks within a governance system by scanning for one or more weakness patterns, such as too many Admins configured, account sharing, or cloning of access permissions. One IAM task involves conducting an audit of existing accounts and determining whether the entitlements associated with an identified account should be recertified. The notion of recertification typically involves reaching out to a user proactively and asking whether he or she still needs the account. The known approach to role recertification determines whether there is a continued business need (CBN) for a particular person to be a member of a particular role.
Managers tend to rubber-stamp recertification requests rather than review them thoroughly. A related problem is that identity governance programs are not very effective at finding unused (or dormant) accounts. Further, known prior art techniques do not provide quantitative measures for determining recertification campaign effectiveness.
It would be highly desirable for IAM systems to provide a way to measure the effectiveness of a recertification campaign.