Gartner Research

Mitigate Risk With an Effective Access Certification Program

Published: 17 March 2017

ID: G00300272

Analyst(s): Lori Robinson

Summary

Access certification is an important component of governance. Effective access certification programs require technical professionals focused on IAM to strike the delicate balance between volume and frequency and provide participants with enough context to make informed access decisions.

Table Of Contents

Analysis

  • Access Certification Overview
    • Features of an Access Certification Tool
  • Business Benefits of an Access Certification Program
    • Compliance
    • Risk Mitigation
    • Strengthening IAM Services
  • Access Certification Fatigue
    • Striking the Right Balance: Overcoming Fatigue
  • Measuring the Effectiveness of Your Access Certification Program
    • Ability to Mitigate Risk
    • Ability to Comply With Regulations and Controls
    • Ability to Successfully Execute Access Certification Process
  • Identity Analytics Is Making Certifications Smarter
    • Behavior and Data Analytics
    • Benefits of Identity Analytics in an Access Certification Process
  • Access Certification Market Assessment and Futures
  • Strengths
  • Weaknesses

Guidance

  • Develop a Culture of Compliance
  • Incorporate Identity Analytics and Risk Scoring
  • Utilize an Entitlement Catalog
  • Balance Volume, Frequency and Context
  • Prioritize Critical Systems
  • Add Microcertifications
  • Move Beyond Employee Populations
  • Engage Auditors Early and Often

The Details

  • The Framework of an Effective Access Certification Program
    • Assess Requirements
    • Build Technical Infrastructure
    • Define Scope
    • Administer Program
    • Conduct Campaign
    • Close Campaign

Gartner Recommended Reading

©2020 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.

Already have a Gartner Account?

Become a client

Learn how to access this content as a Gartner client.