On the surface, most people wouldn’t view identity and access management as a data problem. “Give me access to [some application] right now” is usually top of mind, followed by spite about access reviews, and possibly fear of audit issues, among other things. All of those are reasonable thoughts, but under the surface lies a big, nasty data problem.
Suppose you are fortunate (or unfortunate) enough to have a centralized identity management system that helps you manage access reviews. What data needs to come together to give you the information you need to perform an access review?