CyberArk Glossary >

What is Access Certification?

Access Certification facilitates the review of a user’s access privileges and requires a third-party to certify that the access should continue to be granted for a designated period of time. This function is typically performed within Identity Security platforms or Identity Governance and Administration (IGA) tools.

The Challenge

In many businesses, a diverse set of users have access to critical systems, sensitive applications and confidential data. These users could be employees, contractors, temporary workers or vendors. Yet many organizations rely on manual processes to manage and track access rights across the user lifecycle — a resource-intensive, error-prone approach that is fraught with risk.

Internal and external threat actors routinely exploit over-permissioned or orphaned accounts to steal confidential data and orchestrate attacks.

Access Certification Applied to Risk

Access certification functionality helps businesses protect against security breaches and data theft by preventing privilege abuse and eliminating privilege creep or dormant accounts when users change roles, switch departments, or leave the company. Access can be certified by an administrator, manager or other designated individual or group of individuals configured within the compliance solution. Access certification functionality ensures the right users have the right access rights to the right resources and/or privileged accounts for the right reasons.

A manager, for example, could be assigned as the certifier for a contractor’s access permissions, requiring the manager to verify that access is still needed to an application such as Salesforce and certifying it for another month.

Compliance solutions let corporate information security and IT organizations efficiently manage digital identities and access rights across systems. They help businesses strengthen security, reduce risk, and improve compliance with government regulations, industry standards and corporate policies.

Defending Against Cyberattacks and Data Theft

Comprehensive identity compliance solutions are designed to support automated access certification campaigns that can make it easier to audit user access rights and automatically revoke or adjust access privileges for both privileged accounts (e.g., admin accounts) and non-privileged accounts.

For example, an organization might require supervisors to review and re-certify access rights to an application containing sensitive customer data or to a privileged access management system vault on a monthly basis. Or an organization might require a manager to approve access to a particular application on an ad hoc basis in response to a policy violation or suspicious activity.

Comprehensive solutions provide centralized administration and reporting for heterogeneous IT environments, supporting SaaS solutions and line-of-business applications running in public clouds, as well as traditional on-premises systems and applications.

Improving Regulatory Compliance

Businesses can leverage access certification functionality to enforce role-based access controls, the principle of least privilege, and other access security requirements to address a variety of data privacy mandates and cybersecurity regulations and frameworks, including:

Data Privacy Regulations

CyberSecurity Regulations

CyberSecurity Frameworks

Most identity compliance solutions provide reports, detailed access logs, and administrative dashboards to help IT and security teams demonstrate compliance and streamline audits.

Learn More About Access Certification