For compliance professionals in regulated industries, there’s perhaps no greater challenge than identity management. Call it a program, a best practice, or simply a daily struggle to account for all users and all the systems to which they have access—identity management is a beast that is tough to tame. It can be 99 percent effective, but that nagging, non-compliant one percent can leave a reputational dent if discovered by an audit, or worse, provide the gateway for an insider to wreak havoc, either accidentally or intentionally. There are many applications on the market that make tantalizing claims about solving the identity problems once and for all, but companies should adopt these tools with their eyes open and their expectations in check.
