February 23, 2018 By Katherine Cola 2 min read

Business users today are looking for digital simplicity. Regardless of the activity itself, the goal is to establish an easy, pleasant and repeatable process. This expectation especially applies to making requests within an organization, such as requests for physical supplies or access to certain applications. If users have to jump through hoops to obtain items that will help them do their jobs, they’ll grow frustrated and look for alternative methods. Essentially, users are looking for one place to go to make any type of request.

When it comes to access-related requests, the process is more complicated. Line-of-business (LOB) managers are responsible for granting and recertifying access to applications. They are the ones that organizations rely on to validate that Joe the accountant should have access to the financial systems and files he needs, or that Lisa, who no longer works in human resources, should have her access to sensitive employee information revoked. LOB managers must understand requests in common business language so they can make the right decisions when it comes to granting access.

A Single Platform for Access Requests

Organizations need to bring all request activities together in a single platform that can make informed decisions using detailed identity insights. ServiceNow™, a popular service management platform, has been integrated with IBM Security Verify Governance to help facilitate requests in a user-friendly interface with comprehensive governance capabilities to keep them secure.

Think of ServiceNow as the face of the platform: Users can work from the familiar ServiceNow environment to submit any requests they might have. In the background, Verify Governance acts as the brain, figuring out what access the user should have in a closed-loop process that automatically returns the status back to ServiceNow.

Verify Governance in Action

Take the simple use case of requesting access to an application. Verify Governance provides a catalog of access that meets the principle of least privilege. With ServiceNow and Verify Governance working together, a user can log in to the ServiceNow platform and submit a request from the access catalog. This request is then sent to the user’s manager, who then approves or rejects it within ServiceNow.

In the background, Verify Governance is reviewing and processing the access request with built-in separation of duties (SoD) violation detection. These SoD checks happen in real time while the user builds the request content, before he or she submits it for approval. The SoD controls restrict access for users who show conflicting activities. For example, a user who is able to issue a purchase order should not be granted access to approve that purchase order. Once the access request is approved or rejected, Verify Governance automatically fulfills the request on the target application and updates that information back to the ServiceNow platform audit trail.

A Frictionless Help Desk Experience

With IBM Verify Governance integrated into ServiceNow, users can submit all requests in one location using the same interface they’ve always used to request IT support, access to business applications and even office supplies. This enables the LOB and IT managers to work together toward compliance and security goals while still providing end users with a familiar, frictionless help desk experience.

Read the data sheet: IBM Security Verify Governance

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today