Identity and Access Management – GRC. Just the basics
Glimpse of GRC
Today we are going to have a sneak peek at GRC in terms of identity and access management.
GRC stands for governance, risk and compliance. Governance, risk and compliance plays a vital role in the identity and access management domain. To talk broadly about governance, risk and compliance, we first need to understand the basics.
First let's look into Governance:
Governance is related to the identity that is created when a person joins an organization. However, it is not only about users joining; it is also about users who switch departments and users who leave the organization. In short, it covers the overall joiner, mover and leaver process for a user, i.e. JML.
OK, now let's take a peek at what risk means in terms of identity and access management:
Organizations of every type have their own risk models, built when the organization was incorporated. Each risk model is associated with the risk appetite of the organization. In other words, risk appetite is something like an umbrella that protects an organization from rain: the rain as a whole is a big event, and an umbrella can only protect the organization to the extent of its risk appetite.
Now let's take a look at compliance:
Every organization sets some expectations in terms of compliance as to how identities are managed and certified, based on their access, from time to time.
It is essential to certify each and every access that a user has, so that the audit requirement for each access is met, and also to prune any unwanted access that a user may have possessed for quite a long time without his or her knowledge. Many organizations purchase licensed copies of GRC products such as OIM (Oracle Identity Manager), SAP, SailPoint, RSA Aveksa and so on to simplify the management of GRC.
Final note on GRC:
These are the very basics of GRC. Any organization that wishes to have concrete policies and guidelines for identity and access management must consider setting up policies, rules and regulations based on the core principles of GRC. We will look at GRC in depth in upcoming identity and access management articles.