Now that I have your attention, I want to talk about a topic that is incredibly important to the enterprise but that isn't getting enough attention.
This past month, our partner Aveksa, made available a study that they sponsored by the highly respected Ponemon Institute. The study covers trends in Access Governance and it's an eye opener. It's not our study to share but there are some highlights that I think all organizations might want to consider. The key findings from the study are as follows;
- User access rights continue to be poorly managed
- Organizations are not able to keep pace with changes to users' job responsibilities and they face serious noncompliance and business risk as a result
- Policies are not regularly checked and enforced
- Organizations lack budget, resources and staff for effective access governance
- Granting end user access to information resources is increasingly seen as the responsibility of business units, not IT staff
- Cloud computing is expected to impact access governance processes
- Company data and applications are considered the most at risk from poor access
Now stop, take a deep breath and slow your heart rate down because help is available. That help comes from us in the form of the Novell Access Governance Suite or the Novell Compliance Management Platform. Tools themselves are not enough to solve these issues and Novell has a number of partners with specific and proven expertise in this vertical.
As we look to help folks it's imperative that we not only show up together but that we broaden the scope and scale of our conversation. As Aveksa and Ponemon have asserted, the accountability for this subject doesn't lie predominantly in IT. In my own work helping organizations develop business cases to prioritize addressing these business threats, I've often started the interview process in IT and invariably we discover that people in legal, in audit, in marketing and of course in corporate security need to be involved to make the case strong. Most all of these folks have had a prior interest and commitment but were left out of the conversation, or had started down the road independent of IT, creating fractured approaches. If we together reach out to all of the participants and facilitate that conversation, we change the priority of this initiative.
Many organizations have historically ignored these concerns because there was no penalty. In many cases in years past, a "finding" occurred, but the faulting organization got a pass. According to Deloitte partner and friend Daniel Poliquin, this trend is over, with organizations seeing fines on the first finding and definitely if a finding recurs.
Organizations that implement an access governance process as part of a compliance initiative have also discovered that this process is ongoing, not something that gets pulled out of a drawer once a year. Those organizations have significantly reduced operational expense, risk and annual audit fees.
The problems are real, but so is the solution. Please take time to reach out to customers and prospects and not just to IT. Organizations need answers and we are in an ideal position to provide them.
Thanks for reading and until next time, peace.