Governance - Reconciliation
With HelloID, an identity and access management (IAM) solution, Tools4ever elevates account and user permission administration to a higher level. Governance plays an indispensable role in IAM. This article explores reconciliation. This is a process in which you compare the desired state with the current state and take measures to correct discrepancies. This not only maintains control over exceptions to your business rules but also ensures that certification and audit processes proceed smoothly.
Maintaining Control Over Exceptions
In HelloID, you define, using business rules, what the IAM solution must do. You determine the conditions a user must meet to be assigned specific permissions, for example, based on role or job function. In some cases, you want to deviate from this and make exceptions, for example when a user needs permissions that differ from those of direct colleagues. Thanks to reconciliation, you maintain control over these exceptions.

Reconciliation is therefore an important control. You use it to check whether the current state matches the desired state. You verify not only that accounts and permissions are correctly granted to users, but also that no accounts have inadvertently remained active and that no users have been granted too many permissions. Thanks to reconciliation, you ensure that exceptions to business rules are correctly implemented, up to date, and not overlooked.
Validating Data
The goal of reconciliation is not to eliminate exceptions, but to validate them and correct them where necessary. This means you not only check whether created accounts are still needed and may remain active, but also whether accounts are missing. The same applies to permissions: you check not only whether granted permissions were assigned appropriately, but also whether accounts hold any permissions they should not have.

Reconciliation provides a clear overview of which data were reviewed and which actions follow. It is also convenient that you can implement any required changes directly from this overview. This allows you to quickly and smoothly restore all accounts and permissions to compliance.
Input for Audits
Reconciliation is an important process not only for maintaining control over exceptions to business rules, but also for supporting certifications and audits. Standards and frameworks such as ISO, NEN, and BIO require organizations to review the permissions they have granted regularly. Organizations must be able to demonstrate that access rights have been reviewed and corrected when necessary.

Reconciliation ensures this. HelloID records detected discrepancies, and any corrections you perform as a result are reflected in the standard log reports that HelloID provides via Elastic. This allows you to demonstrate, based on the actions taken, that you conducted the required reviews and implemented the necessary adjustments.
Perform Reviews Periodically
Reconciliation is a continuous process. You don't perform the reviews just once; you repeat them periodically. You determine how often to run the reviews. For example, you can review the permissions related to an application that contains sensitive data more frequently. In contrast, you review access to a less sensitive shared mailbox less often. It is also possible to vary this by account type or application. An account with administrative privileges has a higher risk profile, and you can choose to review it more frequently.

To keep this process on track, we use a matrix that describes the different discrepancies. We also indicate whether a review is performed weekly, monthly, or annually.
Get Started
Ready to get started with HelloID Governance? More information about the capabilities is available on our website. Have questions? Our experts are ready to help you!