How identity governance and access management systems differ

Access management is the process by which a company identifies, tracks and controls which users have access to a particular system or application. Access management systems are more concerned with the assimilation of users, creating profiles and the process of controlling and streamlining the manual effort of granting users the proper access and roles. Having a process and the due diligence in place to create the roles, groups and permissions first is necessary with access management. Access management systems rely on the framework of which users have which rights and how that's accomplished.

This is somewhat different from identity governance, in which administrators are more concerned about giving users new access to roles and alerting the security team to attempts by unauthorized users to access resources.

Identity governance relies on policies to determine if updated access is too risky for a particular user based on his previous access and behavior. These governance policies can be put into an automated workflow when a change is deemed a risk, and allows the owners of the application or the data to sign off on the update. This fixes the issue of having to recertify users annually, and takes more of an incremental approach to auditing access. Read the rest of my article at the link below:

http://searchsecurity.techtarget.com/answer/How-do-identity-governance-and-access-management-systems-differ