• i-confidential

Why Failure to Recertify Leaves You With The Huge Risk of Access Creep


By Chris Harragan, Security Analyst at i-confidential

Access creep is a major cyber security problem.


The longer you work for an organisation, the more access rights you gradually accumulate. And without the right processes in place, those access rights are never removed. Before you know it, the whole concept of access controls has gone out the window. This is a huge security risk.


The principle of least privilege helps to solve access creep.


If employees are limited to the minimum access required to do their job, then most of the risk of inappropriate access is eliminated. It works well in theory. Yet, it doesn’t work in isolation. Without processes in place to remove any access that is inappropriate, you’re back to square one.


That’s where recertification comes in. It prevents access creep from getting out of control.

Regular reviews ensure that people who acquire additional access don’t keep it for longer than necessary. Reviews help bring the principle of least privilege to life. They give people the opportunity to identify where access is no longer needed.


But a consistent access recertification process is difficult to implement.


It’s both time and resource intensive. This leads organisations to think that relying on recertification software will fix the issue. It won’t.


Organisations have a mass of complex data to contend with – across many applications, legacy systems, etc. Integrating all of these systems into a centralised process isn’t easy. This makes it difficult to deliver recertification on a consistent basis. And when it’s not done consistently, that’s when access creep returns. Therefore, the problem isn’t solved, leaving critical systems at risk. And you’re stuck with the same issues.


Our Access Recert service is designed to tackle exactly this problem:


  • We offer a consistent approach that accurately identifies the access rights requiring revocation.

  • With access reviewed on a quarterly basis, users don’t hold onto inappropriate access for long.

  • Our service is easily scalable to increase the coverage of applications reviewed.

  • And we don’t use software to do it.


Whilst many struggle to implement software or try to handle the problem on their own manually, our service successfully prevents access creep becoming an issue.


Want to learn more? Contact us at info@i-confidential.com