If your organisation has more than a few employees, who use more than a few applications to do their jobs, then you are already doing identity governance and administration (IGA) without even realising it. In some cases, you may have a specific person or IT system to help you with this process.
Getting rid of the buzz words
Let’s split out the term ‘Identity governance and Administration’ and define ‘Identity Governance’ and ‘Administration’.
Identity Administration refers to the activities an organisation must perform in order to make sure that all users that interact with the organisation - be they employees, contractors, partners or customers – have just the right level of access to systems and applications that they need in order to be effective in their role, whilst ensuring that nobody has any access that they don’t need or shouldn’t have.
Identity Governance refers to the process when organisation needs to be able to prove that access is being managed properly, for example as part of the internal audit process or to support regulatory compliance efforts.
Put simply, when combining both terms together, IGA allows an organisation to control and manage user access based on central policies. In other words, controlling who has access to what, where and how.
It is possible to do IGA using a combination of spreadsheets, helpdesk tickets and elbow grease?
‘Homegrown IGA’ - and indeed many organisations do; however, it quickly becomes apparent, even for small businesses, that there are serious limitations to this approach – both in terms of efficiency and security – which means it is not viable beyond low hundreds of users.
Problems associated with a manual, spreadsheet and ticket driven approach
Humans tend to be focused on the job at hand – meaning that they are quite good at giving access but very poor at remembering to take it away when no longer needed. In addition to this, the actual process of managing user accounts across many different applications is extremely time consuming, which can lead to long delays in granting access or taking it away.
The answer to these challenges lies in IGA systems – these are software platforms that are built to fully automate the processes involved in managing access as outlined above. They typically automate the management of user accounts across all of the applications in the organisation, automatically calculate access rights according to a user’s role and provide tools to prove that access is being managed in accordance with policy.
Provide the tools to make sure that your users have the right access to the right systems and data
Ensure that none of your users have more access than they need
Help you prove to auditors that you are managing access in line with compliance or policy requirements
Automate onboarding and offboarding, eliminating mistakes and relieving workload from IT and HR
IGA solutions have been available for some time, but due to the complexity and cost of the technology have typically been the preserve of very large enterprises – the license fees and consultancy costs associated with deployment have typically meant that IGA systems have been out of the reach of SMEs and midmarket organisations. However, with the increase in regulation and compliance requirements (ISO27001, HIPPA or PCI-DSS), smaller organisations face the same need to manage and govern access – and just because they are smaller, it doesn’t follow that it is easier. Happily, there is a new breed of IGA solutions which aim to simplify the technology and make it available to all organisations regardless of size.
Do you need and Identity Governance and Administration platform?
|If you answer ‘no’ to any of these questions, your organisation would benefit from implementing an IGA platform:||