Governance - What and Why?
HelloID is Tools4ever's identity and access management (IAM) solution. The solution elevates account and permission management. Governance also plays a critical role. Governance ensures you can always trace and demonstrate which actions were performed and why. It also helps you complete certification processes or audits more easily. This article explains governance and how HelloID supports you in this area.
What is Governance?
Governance refers to the system of rules, practices, and processes by which an organization is directed and controlled. It clarifies, among other things, why decisions were made and how responsibilities are assigned. Within HelloID, governance is focused specifically on IAM. This means that the IAM solution records in detail which actions were performed and why.
Why is Governance Important?
An IAM solution ensures that the right users have access to the applications, systems, and data sources they need at the right time. IAM is therefore closely tied to your organization’s digital security. This also means strict requirements apply to IAM processes. These come not only from laws and regulations, but also from certifications such as ISO 27001, NEN 7510, BIO, and SOC 2.
HelloID Governance provides significant support in this area. The module gives you detailed insight into the IAM processes executed by HelloID. This is important because it enables you to demonstrate compliance with laws and regulations, and it simplifies certification efforts and audits. It also allows you to quickly gain clarity when issues or questions arise.
In addition to oversight, HelloID Governance also enables you to execute the actions required to remediate issues or to perform verifiable checks. The module bridges policy and execution.
Extension to HelloID Provisioning and Service Automation
HelloID Governance is an extension to HelloID Provisioning and HelloID Service Automation. It supports both modules and works in concert with them.
HelloID Provisioning
HelloID Governance can evaluate the issued accounts and entitlements from HelloID against the business rules configured in HelloID Provisioning. This gives you insight into accounts and entitlements that were assigned outside the business rules and, therefore, manually. We call this functionality “reconciliation.” The feature also provides direct actions to correct detected deviations or temporarily allow them. HelloID also records these deviations and any corrections in the standard log reports that HelloID provides via Elastic.
In some cases, you want to ensure that certain entitlements can never be combined. For example, to prevent a user who creates invoices from also being able to pay invoices. Or to exclude users from licenses for applications with overlapping capabilities to control costs. HelloID enables this through a feature called Toxic Policies. This keeps specific entitlements segregated and guarantees they can never be assigned to the same user.
HelloID Service Automation
HelloID Governance also provides significant support for HelloID Service Automation. You can use HelloID Governance to review or re-evaluate product requests submitted through HelloID Service Automation. This is important because, through HelloID Service Automation, users can request access for themselves to specific applications, systems, and data sources. These requests bypass the configured business rules or an authorization matrix, and therefore allow exceptions. These exceptions are important, but they require additional controls to ensure that only authorized individuals receive access to applications and systems.
HelloID Governance supports this with a feature called “recertification.” With this feature, you can periodically evaluate specific product groups. These evaluations are also recorded directly in your log files. This allows you to demonstrate compliance with laws and regulations and to complete certification processes and audits more easily. You define the frequency of the periodic evaluation yourself. You can also run evaluations more or less often based on the risk profile of a specific product group. You stay in full control.
Get started
Do you want to get started with HelloID Governance? On our website, you will find more information about the capabilities. Do you have questions or want to contact our experts? We are here to help!