Identity and Access Management (IAM) is a framework of policies and high standard technologies built to ensure organizational users are granted the appropriate access to resources. Read more about What is Identity and Access Management? Many factors come in play to make this process successful. Attestation and reconciliation are on the list of requirements.
Attestation is a familiar term when it comes to approval and/or providing evidence that something is true. In identity and access management, attestation is an ongoing review and confirmation process that helps organizations reduce risk by granting users the right access to systems and applications, evaluating the risk associated with that access and reviewing access deemed as risky or inappropriate.
Attestation is not only a good business practice, but often required for all sorts of regulatory and compliance reasons.
By definition, reconciliation is the process of verifying consistency and compatibility across different access control systems. Failure of addressing access issues often creates high levels of corporate risk and exposes the organization to compliance risk, especially when duplicate instances of the same record exist, or records with orphan unique identifiers, i.e. employee ID or social security number, exist. Then manual fixes take place to eliminate these data quality issues to avoid risk exposure. The labor involved cost the organization a significant amount of hours and work.
Automating attestation and reconciliation processes eliminates the need for IT intervention as all verifications and access validation is carried out automatically, based on specific elements previously designated. If the life cycle of a user is automated, once a new hire request is placed, a user is created and provided with initial appropriate access at the date of hire. Down the road, if the user is promoted, different appropriate access is granted. Advanced Identity & Access Management products allow you to configure access rules and workflows for the granting of access on a user and group basis.
In a large environment where thousands of changes are made to user accounts on a daily basis, it is hard to track down events. Who has access to what and who granted the access? These questions are difficult to answer when approached manually. Read more about gaining an insight into the current access rights of your file system in our blog post Why Organizations Need Automated Reporting.