Most managers in most big companies will be familiar with periodic access reviews. Once a quarter an email arrives telling you to review all staff access. You have an hour before your next meeting to review 10 team members, each of whom have access to about 50 systems and none of the systems has a name you recognise. Your heart sinks; it’s a time consuming task and you have no evidence that what you’re doing is correct or even useful. Well, based on Idax’s research you’re right – about 15% of all reviewed access rights are removed and the effectiveness is no better than random. So what should you do?Read More