ELI5: What is Identity Governance?
Identity governance is like a regular audit of who has keys to which rooms. It makes sure nobody has access they should not have, and that old permissions get cleaned up.
Definition
Identity governance is the set of processes and policies used to ensure that user access rights remain appropriate, necessary, and compliant over time. It includes periodic access reviews (also called access certifications) in which managers or system owners review and either certify or revoke the access rights of their team members, preventing privilege creep and ensuring least privilege is maintained.
Key Details
- Access review: periodic (quarterly, semi-annual) process in which managers certify that user access is still appropriate
- Segregation of duties (SoD): ensuring no single user has conflicting permissions that enable fraud
- Privilege creep: the gradual accumulation of excessive permissions as users change roles
- Identity governance platforms automate the review process and track certification decisions
- Required by many compliance frameworks (SOX, PCI DSS, HIPAA) as a control to prevent unauthorized access
Connections
- Parent: identity-management — identity governance maintains the integrity of the IAM program over time
- See also: identity-lifecycle-management