Access Attestation

Ben Pournader
1 min read · Jun 3, 2019

In general, attestation means approval and providing evidence that something is true.

In Identity and Access Management (IAM), Access Attestation is an ongoing review and confirmation process that helps an organization reduce risk by granting users the right access to data, systems and/or applications, evaluating the risk associated with that access, and reviewing any access deemed risky or inappropriate.

Access attestation is generally required by obligations and/or for compliance reasons. It is also considered a good business practice. In a large environment where many changes are made to user accounts on a regular basis, such events are hard to track. We need good visibility over the different aspects of identity and access: who has access to what, who granted the access, and who approved it.

IAM allows business processes to be mapped to identity and access processes, and provides a unified view by matching identity records from an IAM tool/service or a directory service such as Microsoft Active Directory and correlating multiple records for the same identity across data sources. In most large organizations, access attestation (aka Account Review or Access Review) is a yearly process in which managers and/or data owners review who has access to what, to confirm that each user/role has access only to the resources necessary to perform his/her job function. This needs to be done in order to prevent users from accumulating unnecessary privileges and to decrease the risk associated with having access to more than what they need to know.
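As an added illustration (not code from the article), the correlation and review step described above in Python: an IAM identity feed and an Active Directory group export are matched on user id, and each grant is routed to the responsible manager with a flag the reviewer should look at. The sample records and the role-to-group baseline are constructed for this example.

```python
from collections import defaultdict

# Constructed sample data (not from the article): an IAM identity feed and an
# Active Directory group export, both keyed on the same user id.
IAM_IDENTITIES = [
    {"uid": "alice", "manager": "carol", "role": "dba", "active": True},
    {"uid": "bob", "manager": "carol", "role": "developer", "active": True},
    {"uid": "dave", "manager": "erin", "role": "developer", "active": False},
]
AD_GROUPS = [
    {"uid": "alice", "group": "DB-Admins", "granted_by": "carol"},
    {"uid": "bob", "group": "Dev-Repo-Write", "granted_by": "carol"},
    {"uid": "bob", "group": "DB-Admins", "granted_by": "frank"},      # outside bob's role
    {"uid": "dave", "group": "Dev-Repo-Write", "granted_by": "erin"}, # leaver still in group
    {"uid": "ghost", "group": "Finance-Read", "granted_by": "erin"},  # no identity record
]
# Assumed role-to-entitlement baseline the reviewer compares each grant against.
ROLE_BASELINE = {"dba": {"DB-Admins"}, "developer": {"Dev-Repo-Write"}}


def build_review(identities, grants, baseline):
    """Correlate identity and group records; return review items grouped by
    the manager who must attest them. Each item is the grant plus a 'flag'."""
    by_uid = {i["uid"]: i for i in identities}
    review = defaultdict(list)
    for g in grants:
        ident = by_uid.get(g["uid"])
        if ident is None:
            owner, flag = "unassigned", "orphan: no identity record"
        elif not ident["active"]:
            owner, flag = ident["manager"], "inactive identity still holds access"
        elif g["group"] not in baseline.get(ident["role"], set()):
            owner, flag = ident["manager"], "outside role baseline"
        else:
            owner, flag = ident["manager"], "ok"
        review[owner].append({**g, "flag": flag})
    return dict(review)


def flagged(review):
    """Only the items a reviewer must act on (everything not marked 'ok')."""
    return [it for items in review.values() for it in items if it["flag"] != "ok"]


if __name__ == "__main__":
    for manager, items in build_review(IAM_IDENTITIES, AD_GROUPS, ROLE_BASELINE).items():
        print(manager)
        for it in items:
            print(f"  {it['uid']:6} {it['group']:15} granted_by={it['granted_by']:6} {it['flag']}")
```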

Ben Pournader

Information Security Expert, Cyber Security Engineer, Blogger, Mentor, PCI SME, CISM, CGEIT, CISA, CRISC, RHCSA, MCSE, CCNA, MBA, PMP, CLSSGB