Identity Governance & Administration (IGA) is commonly defined as “the policy-based centralized orchestration of user identity management and access control. Identity governance helps support enterprise IT security and regulatory compliance.” Or put into simpler terms, it’s putting in place a solution to ensure that the right people are getting access to the right things, at the right time. It sounds simple and it is- if you have less than 10 people in your organization.
So how are you going to manage your provisioning and de-provisioning of access accurately and efficiently?
How are you going to stay compliant? Most importantly- what are you going to do to keep your team sane and not overwhelmed with access requests?
The truth is that with the proliferation of devices, the ability to log on anywhere using VPN tools, and the increasing number of applications needed to do our jobs, this becomes a complex web of access that is hard to understand and even harder to work on. An IGA solution works with your Identity and Access Management (IAM) process to:
- Automate workflows
- Manage permissions
- Stay compliant with reporting
- Scale with your organization (no need to constantly replace or keep up)
However, while this solution can be a complete game changer for your organization, it is a big project with a substantial implementation period - so there are a few questions you should ask yourself before going down this road.
1. Is my organization big enough for an Identity Governance Administration solution?
The answer is, ask your IT team. Small to medium businesses typically don’t have as many people so they won’t have as many access needs. However, your IT team is who becomes directly impacted by the daily requests for provisioning, de-provisioning, certification and more. Therefore, in any organization, regardless of size, they will be the ones who know best about the volume of requests they are dealing with. Large organizations have many more demands placed on them than an SMB due to larger workforces and can quickly overwhelm an IT department costing time and money. With an IGA solution, you can automate workflows that will help with provisioning by role, bulk approvals, building roles, and more. These automated processes may not solve all of IT’s problems but they will drastically help to keep the access request overflow at bay. No matter the size of your organization you should ask yourself how important security is to your organization. The gap that lies between incorrect access and security concerns is where breaches live. If you are concerned about security then you need to be concerned about access risk.
2. What is the business case?
Are you looking to solve a short-term problem or to establish your organization for the future? Look at your business goals both now and in the future and decide if what you need is a few endpoint solutions to fix your security issues or if you need a more robust solution. If you do decide that an IGA solution is the way to go, make sure that you are presenting the case for it and not the few things it will fix. Buying an elaborate solution to fix one small issue isn’t efficient but buying a solution that will help multiple areas of your business for years to come is.
3. Will automation help?
Some things just can’t be automated. But for what can, why not take advantage of the cost and time savings? As part of your IAM policies or role building exercises, you should have defined roles and authorized applications tied to those roles. With automation, anytime someone is assigned a certain role they will automatically be provisioned for all associated applications
Another way automation helps is by forcing micro certifications for high-risk applications to ensure that people using the application are authorized, and not a bad actor who has made his or her way through your network.
4. How will this improve compliance?
First, look at how you are keeping up with compliance now. Most organizations have some kind of requirement showing how they keep access controls working and keep unauthorized users out. Are you currently tracking this manually with spreadsheets to compare and contrast? How quickly or efficiently are you getting these reports from the field and what is their accuracy?
Most manual compliance reports or audits are already different by the time the report is complete. An IGA solution automates this process by automatically tracking entitlements and presenting them in such a way that you easily see outliers in your organization so you can quickly investigate and remediate. All of this is done continuously, in real time, with recorded, exportable information to prove your compliance efforts.