Cloud-based security policy configuration
US-9060025-B2 · Jun 16, 2015 · US
US11711374B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11711374-B2 |
| Application number | US-202117170320-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 8, 2021 |
| Priority date | May 31, 2019 |
| Publication date | Jul 25, 2023 |
| Grant date | Jul 25, 2023 |
Official abstract text for this publication.
Methods and systems for understanding identity and organizational access to applications within an enterprise environment are provided. Exemplary methods include collecting data about relationships between applications and metadata associated with the applications in a computing environment of an enterprise, the metadata including information concerning a plurality of users accessing the applications; updating a graph database including nodes representing the applications of the computing environment of the enterprise and edges representing relationships between the applications; enriching the graph database by associating the nodes with metadata associated with the applications and associating user accounts with metadata associated with roles, organizations membership, privileges, and permissions; analyzing the graph database to identify a subset of nodes being accessed by a user of the plurality of users; and displaying, via a graphical user interface, a graphical representation of the subset of nodes and relationships between the nodes in the subset of the nodes.
Opening claim text (preview).
What is claimed is:

1. A system comprising: at least one processor; and a memory communicatively coupled to the at least one processor, the memory storing instructions executable by the at least one processor to perform a method comprising: collecting data about relationships between applications and metadata associated with the applications in a computing environment of an enterprise, the metadata including information concerning a plurality of users accessing the applications, the data comprising streaming identity, telemetry, events, and inventory; normalizing the telemetry, the events, and the inventory; updating a graph database including nodes representing the applications of the computing environment of the enterprise and edges representing relationships between the applications, each edge having a start node, an end node, a type, and a direction; enriching the graph database by associating the nodes with metadata associated with the applications; enriching the graph database by associating user accounts associated with the plurality of users with metadata associated with roles, organizational membership, privileges, and permissions associated with the plurality of users; analyzing the graph database to identify a subset of nodes being accessed by a user of the plurality of users; displaying, via a graphical user interface, a graphical representation of the subset of nodes and relationships between the nodes in the subset of the nodes; displaying, via the graphical user interface, a graphical representation of a subset of users defined by at least one of a group, a role, and an organizational membership and relationships between the nodes associated with the subset of users; displaying, via the graphical user interface, a graphical representation of the nodes representing the applications and groups of users accessing the applications; displaying, via the graphical user interface, a graphical representation of the permissions provided to the subset of users defined by at least one of the group, the role, and organizational unit in relation to the nodes representing the applications; comparing the permissions with relationships related to accessing the applications by the subset of users, the relationships related to accessing the applications being recorded to the graph database; and permitting a subset of communications between the nodes by generating a whitelist identifying at least one user of the plurality of users permitted to access at least one application, the whitelist including Role Based Access Control (RBAC) rules and permissions associated with the plurality of users to understand access currently allowed from the plurality of users to the applications, the permissions deployed via an application programing interface (API) onto an identity access management (IAM) system within the computing environment.

2. The system of claim 1, wherein the metadata includes network logs of access events of the plurality of users into the applications.

3. The system of claim 1, wherein the metadata includes telemetry data concerning an amount of data written to or read from the applications, types of operations conducted, access operations, time of day, and a client device used by the plurality of users.

4. The system of claim 1, wherein the at least one processor is further configured to: analyze the graph database to detect a violation by the user of an access right to at least one application of the applications; and in response to the violation, generate a security policy disallowing at least one relationship between the at least one application and at least one further application in the graph database.

5. The system of claim 1, wherein the at least one processor is further configured to access an identity store to classify behavior of the plurality of users into organizational units and roles associated with the plurality of users to represent organizational behavior associated with the plurality of users.

6. The system of claim 1, wherein the at least one processor is further configured to: identify one or more of the permissions unutilized by the at least one user of the plurality of users; generate a score reflecting an accuracy of the permissions provided to the plurality of users; and recommend the one or more of the permissions for removal from the permissions.

7. The system of claim 6, wherein the at least one processor is further configured to score a risk associated with the permissions for each of the applications to determine a criticality associated with the applications, and a degree of privilege associated with the plurality of users.

8. The system of claim 7, wherein the at least one processor is further configured to determine an overall user access risk based on the accuracy of the permissions, the criticality associated with the applications, and the degree of privilege associated with the plurality of users.

9. The system of claim 1, wherein the at least one processor is further configured to generate, based on the metadata associated with the accessing the applications by the plurality of users, further permissions for the plurality of users.

10. A method comprising: collecting data about relationships between applications and metadata associated with the applications in a computing environment of an enterprise, the metadata including information concerning a plurality of users accessing the applications, the data comprising streaming identity, telemetry, events, and inventory; normalizing the telemetry, the events, and the inventory; updating a graph database including nodes representing the applications of the computing environment of the enterprise and edges representing relationships between the applications, each edge having a start node, an end node, a type, and a direction; enriching the graph database by associating the nodes with metadata associated with the applications; enriching the graph database by associating user accounts associated with the plurality of users with metadata associated with roles, organizational membership, privileges, and permissions associated with the plurality of users; analyzing the graph database to identify a subset of nodes being accessed by a user of the plurality of users; displaying, via a graphical user interface, a graphical representation of the subset of nodes and relationships between the nodes in the subset of the nodes; displaying, via the graphical user interface, a graphical representation of a subset of users defined by at least one of a group, a role, and an organizational membership and relationships between the nodes associated with the subset of users; displaying, via the graphical user interface, a graphical representation of the nodes representing the applications and groups of users accessing the applications; displaying, via the graphical user interface, a graphical representation of the permissions provided to the subset of users defined by at least one of the group, the role, and organizational unit in relation to the nodes representing the applications; comparing the permissions with relationships related to accessing the applications by the subset of users, the relationships related to accessing the applications being recorded to the graph database; and permitting a subset of communications between the nodes by generating a whitelist identifying at least one user of the plurality of users permitted to access at least one application, the whitelist including Role Based Access Control (RBAC) rules and permissions associated with the plurality of users to understand access currently allowed from the plurality of users to the applications, the permissions deployed via an application progra
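The claims describe a pipeline rather than code: record granted permissions (RBAC rules from an identity store) and observed access events (normalized telemetry) as typed, directed edges from user nodes to application nodes, then compare the two edge types to find unused permissions, out-of-policy access and the allowlist that should actually be deployed (claims 1, 4, 6, 7 and 8). The following Python is an added illustration of that comparison, not the patent holder's code; the user, role, application, criticality values and telemetry events are constructed sample data, and the risk weighting (application criticality, with write privileges counted double) is an assumed scoring rule chosen for the example.

```python
"""Graph-based comparison of granted versus exercised access.

Added example; constructed data, not code from the patent or its assignee.
Granted permissions and observed access are both stored as typed, directed
edges (user -> application); set differences between the two edge types give
unused grants (removal candidates) and accesses with no matching grant.
"""
from dataclasses import dataclass, field

# --- Constructed sample data (assumed, not from the patent) -----------------
ROLE_PERMISSIONS = {  # RBAC rules: role -> application -> operations granted
    "engineer": {"git": {"read", "write"}, "ci": {"read"}},
    "finance": {"erp": {"read", "write"}, "payroll": {"read"}},
}
USERS = {  # identity-store metadata: role and organisational membership
    "alice": {"role": "engineer", "org": "platform"},
    "bob": {"role": "finance", "org": "accounting"},
}
APP_CRITICALITY = {"git": 2, "ci": 1, "erp": 3, "payroll": 3}  # 1 = low, 3 = high
EVENTS = [  # normalised telemetry: (user, application, operation)
    ("alice", "git", "read"), ("alice", "git", "write"), ("alice", "ci", "read"),
    ("bob", "erp", "read"), ("bob", "erp", "read"),  # repeats collapse into one edge
    ("bob", "git", "read"),  # access with no matching grant: a policy violation
]


@dataclass
class Graph:
    """Minimal property graph: nodes carry metadata; an edge is the tuple
    (start, end, type) and is directed from start to end."""
    nodes: dict = field(default_factory=dict)
    edges: set = field(default_factory=set)

    def add_node(self, node_id, **meta):
        self.nodes.setdefault(node_id, {}).update(meta)

    def add_edge(self, start, end, edge_type):
        self.edges.add((start, end, edge_type))

    def out_edges(self, start, prefix):
        """Edges leaving `start` whose type begins with `prefix`, as (end, op)."""
        return {(end, t.split(":", 1)[1]) for s, end, t in self.edges
                if s == start and t.startswith(prefix)}


def build_graph(users, role_permissions, events, criticality):
    """Populate application and user nodes, then the two edge families."""
    g = Graph()
    for app, crit in criticality.items():
        g.add_node(app, kind="app", criticality=crit)
    for user, meta in users.items():
        g.add_node(user, kind="user", **meta)  # enrich with role/org metadata
        for app, ops in role_permissions.get(meta["role"], {}).items():
            for op in ops:
                g.add_edge(user, app, f"granted:{op}")
    for user, app, op in events:
        g.add_edge(user, app, f"accessed:{op}")
    return g


def apps_accessed_by(g, user):
    """Subset of application nodes the user actually reached."""
    return {app for app, _ in g.out_edges(user, "accessed:")}


def compare_permissions(g, user):
    """Granted-vs-observed comparison: unused grants and accesses with no grant."""
    granted = g.out_edges(user, "granted:")
    accessed = g.out_edges(user, "accessed:")
    return {"unused": granted - accessed, "violations": accessed - granted}


def permission_accuracy(g, user):
    """Fraction of granted permissions the user exercised (1.0 = no excess)."""
    granted = g.out_edges(user, "granted:")
    if not granted:
        return 1.0
    return len(granted & g.out_edges(user, "accessed:")) / len(granted)


def user_risk(g, user):
    """Assumed scoring rule: each unused grant or violation adds the target
    application's criticality, doubled when the operation is a write."""
    report = compare_permissions(g, user)

    def weight(app, op):
        return g.nodes[app]["criticality"] * (2 if op == "write" else 1)

    return sum(weight(a, o) for a, o in report["unused"] | report["violations"])


def generate_allowlist(g):
    """Allowlist of user -> application -> operations, keeping only grants that
    were exercised; the dropped grants are the removal recommendations."""
    allow = {}
    for node_id, meta in g.nodes.items():
        if meta.get("kind") != "user":
            continue
        kept = g.out_edges(node_id, "granted:") - compare_permissions(g, node_id)["unused"]
        per_app = {}
        for app, op in kept:
            per_app.setdefault(app, []).append(op)
        allow[node_id] = {app: sorted(ops) for app, ops in per_app.items()}
    return allow


if __name__ == "__main__":
    graph = build_graph(USERS, ROLE_PERMISSIONS, EVENTS, APP_CRITICALITY)
    for name in USERS:
        print(name, compare_permissions(graph, name),
              round(permission_accuracy(graph, name), 2), user_risk(graph, name))
    print(generate_allowlist(graph))
```

Running the block shows bob holding two grants he never uses (erp write, payroll read) and one access with no grant (git read), which is exactly the pair of findings the claims route to different actions: the unused grants become removal recommendations and shrink the allowlist, while the ungranted access is the violation that should trigger a restricting policy. Storing grants and observations as distinct edge types on the same graph is what makes both questions a single set difference.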
CPC classification titles:

- Entity profiles
- with details for data modelling support
- Risk analysis of enterprise or organisation activities
- Human resources
- by monitoring network traffic (monitoring network traffic per se H04L43/00)