US10963575B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10963575-B2 |
| Application number | US-201816130352-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 13, 2018 |
| Priority date | Aug 9, 2017 |
| Publication date | Mar 30, 2021 |
| Grant date | Mar 30, 2021 |
Abstract
Methods and apparatuses are described for enterprise access control governance in a computerized information technology (IT) architecture. A server generates a first vector space, each node in the first space representing a user of resources in the IT architecture and including attributes of the user. The server generates a second vector space, each node in the second space representing an entitlement to access resources in the IT architecture and including attributes of the entitlement. The server creates an entitlement utility matrix by mapping nodes in the first space to nodes in the second space. The server determines a set of recommended entitlements for a plurality of users based upon the utility matrix. The server determines a discrepancy between the set of recommended entitlements for a first user and a set of existing entitlements for the first user and adjusts the set of existing entitlements based upon the discrepancy.
Claims (preview)
What is claimed is:

1. A system for enterprise access control governance in a computerized information technology (IT) architecture that provides a plurality of computing resources to a plurality of users, the system comprising: a plurality of distributed server computing devices that coordinate over a network environment to: generate a first high-dimensional vector space comprising a plurality of nodes, each node in the first high-dimensional vector space representing a user of one or more computing resources in the IT architecture and including one or more attributes of the user; generate a second high-dimensional vector space comprising a plurality of nodes, each node in the second high-dimensional vector space representing an entitlement to access one or more computing resources in the IT architecture and including one or more attributes of the entitlement; create an entitlement utility matrix by mapping one or more nodes in the first high-dimensional vector space to one or more nodes in the second high-dimensional vector space based upon existing user entitlements to access computing resources in the IT architecture, wherein each mapping comprises a connection between a node in the first high-dimensional vector space and a node in the second high-dimensional vector space, the connection assigned a value indicating whether access is granted; determine a set of recommended access control entitlements for each of a plurality of users based upon the entitlement utility matrix, by analyzing existing access control entitlements for one or more other users, the other users associated with the user through a distance value; determine a first discrepancy between the set of recommended access control entitlements for at least one of the plurality of users and a set of existing user entitlements for that user; determine a level of security risk to the IT architecture associated with the first discrepancy by the set of existing user entitlements for the user; generate a visualization graph depicting the level of security risk to the IT architecture associated with the first discrepancy, the visualization graph comparing the set of existing user entitlements in relation to the set of recommended access control entitlements, and display the visualization graph on a display device coupled to the plurality of distributed server computing devices; and adjust the set of existing user entitlements for the at least one of the plurality of users based upon the level of security risk by generating programmatic instructions that are transmitted to each of a plurality of computing resources in an information technology (IT) access control system, wherein each of the plurality of computing resources executes the programmatic instructions to alter data structures that govern user access control entitlements, resulting in a reduced level of security risk for the IT architecture.

2. The system of claim 1, wherein when determining the set of recommended access control entitlements for the plurality of users, the plurality of distributed server computing devices: determines a second discrepancy between the set of existing user entitlements for at least one of the plurality of users and a set of existing access control entitlements for a group of other users that share at least one attribute with that user, as represented in the entitlement utility matrix; determines a second level of security risk to the IT architecture associated with the second discrepancy by the set of existing user entitlements for the user; and generates the set of recommended access control entitlements for the at least one of the plurality of users based upon the second level of security risk.

3. The system of claim 1, wherein the first discrepancy comprises an entitlement in the set of existing user entitlements for the at least one of the plurality of users that is not included in the set of recommended access control entitlements for that user.

4. The system of claim 1, wherein the first discrepancy comprises an entitlement in the set of recommended access control entitlements for the at least one of the plurality of users that is not included in the set of existing user entitlements for that user.

5. The system of claim 1, wherein the first discrepancy comprises a difference between a value assigned to an entitlement in the set of existing user entitlements for the at least one of the plurality of users and a value assigned to an entitlement in the set of recommended access control entitlements for the at least one of the plurality of users.

6. The system of claim 1, wherein the one or more attributes of the user include: a job function of the user, a job role of the user, a title of the user, a manager to which the user is assigned, a business unit to which the user is assigned, and an organization to which the user is assigned.

7. The system of claim 1, wherein the one or more attributes of the entitlement include: a name of the entitlement, a description of the entitlement, one or more privileged access flags, an application to which the entitlement is assigned, and a computing system to which the entitlement is assigned.

8. The system of claim 1, wherein the entitlement utility matrix comprises a binary matrix including a value for each user-entitlement combination that indicates whether a user has access to an entitlement.

9. The system of claim 1, wherein the plurality of distributed server computing devices: add a new node to the first high-dimensional vector space, wherein the new node represents a new user of one or more computing resources in the IT architecture and including one or more attributes of the new user; create an updated entitlement utility matrix by mapping the new node in the first high-dimensional vector space to one or more nodes in the second vector high-dimensional space based upon a set of recommended access control entitlements of another user that shares at least one attribute with the new user; determine a set of recommended access control entitlements for the new user based upon the entitlement utility matrix, by automatically discovering user-entitlement patterns in the entitlement utility matrix through collaborative filtering by predicting a set of access control entitlements for the new user based upon existing access control entitlements for one or more other users, the other users associated with the new user through a distance value; and store the set of recommended access control entitlements for the new user.

10. The system of claim 1, wherein the plurality of distributed server computing devices: generate a second visualization graph depicting existing user entitlements for a plurality of users and one or more discrepancies between the existing user entitlements for the plurality of users and recommended access control entitlements for the plurality of users, the second visualization graph comprising a plurality of nodes each representing a user of the plurality of users, each node colored to indicate whether the corresponding user's access control entitlements are within an acceptable range of other similar users' access control entitlements, and each node connected to other nodes that correspond to users that have similar access control entitlements; and display the second visualization graph on a display device coupled to the plurality of distributed server computing devices.

11. A computerized method of enterprise access control governance in a computerized information technology (IT) architecture that provides a plurality of computing resources to a plurality of users, the method comprising: generating, by a plurality of distributed server computing devices that coordinate in a n
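The abstract and claims above describe a binary user-by-entitlement utility matrix (claim 8), peer users linked by a distance value, collaborative filtering to derive a recommended entitlement set, a discrepancy between recommended and existing grants (claims 3 and 4), a risk level for that discrepancy, and cold-start recommendations for a newly added user (claim 9). The following is an added example written for this page; it is not code from the patent or its assignee. The users, attributes, entitlement names, the distance formula (count of mismatched user attributes plus the Jaccard distance between two matrix rows), the `k` and `max_distance` cut-offs, the strict-majority vote and the privileged-weight risk score are all constructed assumptions chosen to illustrate the mechanism.

```python
"""Added example (not the patent's code): user-entitlement utility matrix,
nearest-neighbour collaborative filtering, discrepancy and risk scoring.
All users, attributes and entitlements are constructed sample data."""
from __future__ import annotations

# Constructed sample: user attributes (role, business unit), entitlement
# attributes reduced to a privileged flag, and existing grants per user.
USERS = {
    "alice": {"role": "analyst", "unit": "finance"},
    "bob":   {"role": "analyst", "unit": "finance"},
    "carol": {"role": "analyst", "unit": "finance"},
    "frank": {"role": "analyst", "unit": "finance"},
    "dave":  {"role": "dba",     "unit": "it"},
    "erin":  {"role": "dba",     "unit": "it"},
}
ENTITLEMENTS = {  # entitlement name -> privileged access flag (assumed)
    "ledger_read": False, "ledger_write": False, "payroll_read": False,
    "db_admin": True, "prod_ssh": True,
}
EXISTING = {
    "alice": {"ledger_read", "ledger_write", "payroll_read"},
    "bob":   {"ledger_read", "ledger_write", "payroll_read"},
    "carol": {"ledger_read", "ledger_write", "prod_ssh"},  # out of pattern for her peers
    "frank": {"ledger_read", "ledger_write", "payroll_read"},
    "dave":  {"db_admin", "prod_ssh"},
    "erin":  {"db_admin", "prod_ssh"},
}
ENT_INDEX = sorted(ENTITLEMENTS)  # fixed column order for the matrix


def build_utility_matrix(existing: dict[str, set[str]]) -> dict[str, list[int]]:
    """Binary user x entitlement matrix: 1 where access is granted."""
    return {u: [1 if e in grants else 0 for e in ENT_INDEX] for u, grants in existing.items()}


def user_distance(u: str, v: str, users: dict, matrix: dict[str, list[int]]) -> float:
    """Assumed distance: mismatched user attributes + Jaccard distance of the
    two matrix rows. Same attributes and same access give 0; different role
    and unit start at 2 before any access difference is counted."""
    attr_mismatch = sum(1 for key in users[u] if users[u][key] != users[v].get(key))
    ru, rv = matrix[u], matrix[v]
    inter = sum(1 for a, b in zip(ru, rv) if a and b)
    union = sum(1 for a, b in zip(ru, rv) if a or b)
    jaccard = 1.0 - (inter / union if union else 1.0)
    return attr_mismatch + jaccard


def recommend(user: str, users: dict, matrix: dict, k: int = 3, max_distance: float = 1.0) -> set[str]:
    """Collaborative filtering: up to k nearest other users within max_distance
    vote; an entitlement is recommended when a strict majority of them hold it.
    max_distance keeps users from distant groups out of small peer sets."""
    ranked = sorted((user_distance(user, v, users, matrix), v) for v in matrix if v != user)
    neighbours = [v for d, v in ranked if d <= max_distance][:k]
    if not neighbours:
        return set()  # no comparable peers: recommend nothing rather than guess
    recommended = set()
    for i, ent in enumerate(ENT_INDEX):
        votes = sum(matrix[v][i] for v in neighbours)
        if votes > len(neighbours) / 2:
            recommended.add(ent)
    return recommended


def discrepancy(user: str, users: dict, matrix: dict, existing: dict) -> dict[str, set[str]]:
    """excess = held but not recommended (claim 3); missing = recommended but not held (claim 4)."""
    rec = recommend(user, users, matrix)
    have = existing[user]
    return {"excess": have - rec, "missing": rec - have}


def risk_score(excess: set[str]) -> int:
    """Assumed scoring: a privileged out-of-pattern grant weighs 3, any other 1."""
    return sum(3 if ENTITLEMENTS[e] else 1 for e in excess)


def adjust(user: str, users: dict, matrix: dict, existing: dict) -> tuple[set[str], set[str]]:
    """Revoke out-of-pattern grants; report missing ones for review, never auto-grant."""
    d = discrepancy(user, users, matrix, existing)
    return existing[user] - d["excess"], d["missing"]


def onboard_user(name: str, attrs: dict, users: dict, existing: dict) -> set[str]:
    """Claim 9 pattern: add a new user node with no grants and derive a starting
    entitlement set from attribute-matching peers (cold start)."""
    users2 = {**users, name: attrs}
    existing2 = {**existing, name: set()}
    return recommend(name, users2, build_utility_matrix(existing2))


if __name__ == "__main__":
    m = build_utility_matrix(EXISTING)
    for u in USERS:
        d = discrepancy(u, USERS, m, EXISTING)
        print(f"{u:6} excess={sorted(d['excess'])} missing={sorted(d['missing'])} risk={risk_score(d['excess'])}")
    print("new analyst gets:", sorted(onboard_user("gina", {"role": "analyst", "unit": "finance"}, USERS, EXISTING)))
```

On this data carol's `prod_ssh` is flagged as excess (risk 3, privileged) and `payroll_read` as missing, while alice and dave, whose grants match their peers, show no discrepancy. A new finance analyst with no grants sits at distance 1.0 from her peers, so `onboard_user` still finds neighbours and proposes the peer-majority set. The `max_distance` cut-off matters: without it, the two-person DBA group would be padded with finance analysts and `db_admin` would be misreported as excess for dave.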
CPC classification titles:
- Entity profiles
- Tools and structures for managing or administering access control systems
- where a single sign-on provides access to a plurality of computers
- Vulnerability analysis
- by securing the transmission between two devices or processes