Technology Category Overview

Identity and Access Tools

Identity and access tools govern who has access, why access exists, when access changes, and how privileged activity is controlled. In insider risk, these tools reduce exposure created by over-broad access, retained access, privileged access, delegated access, and weak access review practices. Common tool categories include identity and access management, identity governance and administration, privileged access management, single sign-on, multi-factor authentication, conditional access, access recertification, break-glass access management, and service account governance.

What It Helps Answer

  • Who has access to sensitive systems and data
  • Whether access matches role, status, business need, and risk context
  • Which users have privileged, break-glass, shared, service, or delegated access
  • How quickly access changes after transfer, contract end, or departure

What It Does NOT Answer

  • They do not detect all misuse of approved access.
  • They do not create effective governance when access reviews are treated as rubber-stamp exercises.
  • They do not answer Insider Risk Exposure Management questions—such as identifying which capability gaps matter most or proving program improvement—which requires a dedicated exposure platform like RiskTKO®.

Insider Risk Capability Framework™ (IRCF™)

Identity and Access Management; Data Protection; Personnel Assurance; Monitoring; Risk Management and Reporting.
Last reviewed on June 24, 2026
Insider Risk Content Lead