Many information systems, such as SharePoint, Dropbox, Ofﬁce 365, Google Drive and File Shares use complex and inconsistent access controls.
This creates a real headache when required to comply with GDPR, PCI DSS, HIPAA, SOX and other critical regulations.
They are often technical, and disjointed from the operations business. Clean-ups are needed to try and keep access permissions up-to-date with the constantly changing business.
As a result, there is often no easy way to know who has access to what, why they have it, or whether they still should.