Access is the extent of a service’s or asset’s functionality that a particular user is authorized to use.
ITIL access management is the process responsible for allowing only authorized users to access certain assets and IT services while preventing unauthorized users from accessing them.
The main objective of ITIL access management is to safeguard the data from being accessed by unauthorized users. This is extremely vital for an organization as critical data falling into the wrong hands could cause irreversible damage to the company.
The first step is to request access to a particular IT service by sending one of the following types of requests:
A standard request sent directly from the Human Resources department
A request for change sent from the change management process
A service request raised from the service desk
An auto-provisioning request, where smaller requests are handled automatically
It is the duty of access management to verify the identity of the user making the request and the legitimacy of the request being made.
After the identity of the user has been verified, access management grants the user the right to access a particular IT service as per the regulations defined during the ITIL Service Strategy. If these are undefined, access management grants the user rights to access the service after sending requests to the respective departments in question and receiving approval.
Monitoring identity status
In a large organization, the employees holding a particular position or requesting IT service access change constantly. It is the duty of access management to keep track of all the access rights granted to the various employees and to update them once the relevant employees are no longer in that position.
Logging and tracking access
Access management also has to keep constant tabs on the IT service users who have been granted access. All the activities of Service Operation processes should be monitored to ensure that only the users with the relevant clearance and authorization are accessing a particular IT service. Access management should also define parameters that make it easy to detect intrusions into the system by unauthorized users, excessive incorrect login attempts, and unusual activities.
Removing or restricting access rights
The access rights of a user have to be monitored so that, when the user's role changes over time and they no longer need access to a previously needed IT service, the authorization for access is revoked. Depending on the present status of the user, their access needs to be restricted or terminated accordingly.
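As an added illustration of the monitoring and removal steps above (not taken from any ITIL publication or tool), the following Python example compares recorded access grants against HR status and role entitlements and reports which grants to revoke or restrict. The role names, status values, the rule that a user on leave is restricted rather than revoked, and all sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Constructed policy: which services each role is entitled to (assumption).
ROLE_ENTITLEMENTS = {
    "payroll_clerk": {"payroll", "email"},
    "developer": {"source_repo", "email"},
}

# Constructed HR records: current role and status per user (assumption).
HR_RECORDS = {
    "alice": {"role": "developer", "status": "active"},   # moved from payroll
    "bob": {"role": "payroll_clerk", "status": "on_leave"},
    "carol": {"role": "developer", "status": "left"},
}


@dataclass(frozen=True)
class Grant:
    user: str
    service: str


# Constructed list of access rights currently recorded as granted.
GRANTS = [
    Grant("alice", "payroll"), Grant("alice", "source_repo"),
    Grant("alice", "email"), Grant("bob", "payroll"),
    Grant("carol", "source_repo"), Grant("dave", "email"),
]


def review_access(grants, hr_records, entitlements=ROLE_ENTITLEMENTS):
    """Return sorted (user, service, action, reason) for grants needing change."""
    findings = []
    for g in grants:
        record = hr_records.get(g.user)
        if record is None or record["status"] == "left":
            # No current employee behind the grant: terminate access.
            findings.append((g.user, g.service, "revoke", "no active HR record"))
        elif g.service not in entitlements.get(record["role"], set()):
            # Role changed and the service is no longer needed.
            reason = f"not needed for role {record['role']}"
            findings.append((g.user, g.service, "revoke", reason))
        elif record["status"] == "on_leave":
            # Still entitled, but temporarily restricted (assumed rule).
            findings.append((g.user, g.service, "restrict", "user on leave"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_access(GRANTS, HR_RECORDS):
        print(*finding, sep=" | ")
```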
Access management provides the following value to the business:
It ensures that by controlling the access to different IT services, the confidentiality of information will be maintained.
It ensures that the employees have only the required level of access to complete their jobs effectively.
It reduces the possibility of an error being induced in the use of a crucial service by not allowing unskilled users to access it.
It provides a means to audit the IT services and trace any misuse of the services.
It ensures that a particular user's access to the service can be withdrawn when needed to comply with security requirements.
Access management is thus successful in safeguarding the data from being accessed by unauthorized users, which is extremely vital for an organization. This prevents critical data falling into the wrong hands and prevents damage to the company.