Along with developing proper rules and roles, requesting access is one of the essential elements in developing a successful Identity Governance program. These capabilities come together to help grant end users the necessary and proper access to complete tasks.
But there are some common challenges when it comes to requesting and approving the correct access for users. One is ensuring that requesters are easily able to ask for access to the right applications and entitlements. A second is for approvers to be able to swiftly review requests and any associated risks, and make smart decisions to approve or deny access.
Both end users and approvers are faced with situations that hinder their ability to make wise decisions. The sheer number of applications, roles, and entitlements they’re faced with, the numbers which have greatly enlarged as businesses transform digitally. The average Saviynt customer has 150+ applications, 200,000 roles, and 250,000 entitlements an end user can choose from when requesting access. And each day, approvers need to review a minimum of 10 requests, containing an average of 5 roles or entitlements.
Another hindrance to proper access is that identity security and access management aren’t an end user's primary job. They don’t spend a lot of time within an identity governance platform or system, but when they do, it’s usually for an important or critical reason. Lack of familiarity with these systems complicates request and approval. Finding the right application to request access to and the proper entitlements can become very difficult in a short amount of time.
And approvers find it difficult to review requests. If they’re inundated with too many requests the chance for rubber stamping dramatically rises, leading to over provisioning and access misuse.
A lot of the time, requesters and approvers end up asking themselves the following questions:
- Which application(s) should I request for?
- Have I picked the right entitlement(s)?
- Is this access really required?
- Will the approver okay this?/Should I approve this?
At the end of the day, there’s a lot of guesswork that can go on throughout the entire process, ultimately increasing organizational risk and threat landscapes. So we have a process where the people doing the work are being taken away from their primary responsibilities and there’s a lack of context to support them when making decisions on what to request and what to approve.
Simplifying the Access Request Process
To help organizations, Saviynt has launched Intelligent Recommendations as part of our Intelligence Suite. By providing additional context and decision-making support, requesters and approvers are able to speed the decision-making process while increasing their confidence that they’re making the right decision. Our proactive approach not only saves considerable time by removing guesswork, but also increases efficiency by letting them maintain their focus on their primary duties.
Saviynt’s Intelligent Recommendations autonomously constructs a peer access model for delivering recommendations. Powered by a unique machine-learning algorithm, it requires minimal setup and provides accurate recommendations by crunching large volumes of access data. You can read more about it in this blog, but for now we’ll stick to how it supports requesting and approving access.
Image 1: Intelligent Recommendations automatically recommends applications, roles, and entitlements for access requesters, with explanations as to why a recommendation was given
Helping End Users Find Relevant Applications and Access Quickly
Typically, an end user needs to find an application from around 200 different possibilities. Saviynt provides a list of recommended applications based on peer access, eliminating any guesswork on the user’s part. Recommendations are backed up with a confidence score that lets them know the chance of a request being successful, as well as a list of reasons about why a specific recommendation was given.
Saviynt also provides support details in requesting the proper role(s) and entitlement(s) based on peer access, rather than needing to find the “right” ones from a pile of permissions.
Image 2: Requesters can easily see which requests are likely to be approved and understand why.
Assisting Approvers in Making Accurate and Swift Decisions
To help out access approvers, Saviynt provides similar confidence information by assigning a relative score to each requested item (entitlement and role), along with the reasons for the score and suggestion on whether or not to approve the request, to help guide them in making informed decisions.
Automating Approvals for Low-Risk Requests
Organizations leveraging Intelligent Recommendations can easily write business policies and utilize weighted scores to automate the approval of low-risk access requests. Easily changing the weights of various risk scores helps set scoring thresholds. Requests above threshold limits will still be escalated to the appropriate reviewers, while requests below set limits will be automatically approved. The benefit includes not slowing down business operations while approvers see a reduced number of needed approvals.
Conclusion
By simplifying the entire request and approval process, organizations can see significant gains in productivity while also reducing its threat landscape as end users and approvers spend more time on their primary duties. You can learn more about Saviynt’s Intelligence Suite and Intelligent Recommendations by visiting our web page, or ask to see a demo today!