NC Feb-Mar 2024

OPINION: IDENTITY MANAGEMENT
other words, whereas in the past IAM projects
were seen as pure technical plays to shift data
from A to B, now they can be positioned as a
solution to a business need, not just a tool.
As more organisations use the configured
out-of-the-box standard, innovation can today
focus on the flexibility of the core product
instead of the error-prine and high-cost codebased
customisation.
SELF-SERVICE OPTIONS HAVE
EXPANDED AS USER BASE GROWS
It used to be that IGA was a domain that
required specialists - a core team of two to five
specialists who were tasked with keeping your
organisation compliant. That approach has
changed, largely out of necessity, given the
number of people and roles within a typical
organisation today. More people are using
IGA solutions in most companies, from
requesting access to recertifying and from
creating role definitions to onboarding
employees. To meet these needs, we've seen
many IGA offerings evolve to be able to
distribute tasks in an easier way, throughout
the entire organisation.
Operations are changing faster than in the
past, and the exposure of individuals in the
business has continuously risen. As the
operation of the solution gets less complex and
fewer tickets go to the service desk and
operations team, they can focus on
broadening the scope of the IGA solution
(connecting to more systems), to go deeper
than before (segregation of duties, risk
concepts, roles) or to think outside of the box
of IGA to integrations with privileged access
management (PAM), customer identity and
access management (CIAM), security
information and event management (SIEM)
and other identity-related solutions.
MORE SYSTEMS, MORE IDENTITIES
An average enterprise might be using as many
as 130 different SaaS apps and all of these
apps are also creating new digital identities.
It's no wonder, then, that the number of
identities that need to be managed has
continuously risen in the last 10 years. With
more cross-organisational collaboration, the
adoption of cloud services and remote work,
this trend is on an upward trajectory.
The number of relations between identities
and systems is exponentially increasing. Larger
enterprises have many more connections than
smaller ones. Additionally, not all identities and
systems are under direct control anymore. For
example, suppliers and contractors are
typically not managed by the HR system, and
your employees have work-related access to
systems that you don't own.
THE RISE OF INTEGRATIONS
It was common in the past to see the individual
identity management solution as an isolated
element of your cybersecurity strategy. But
things have changed, such as the rise of
visionary Identity Fabric strategies. They
represent a forward-looking approach to IGA,
aiming to create a unified, flexible and secure
identity management framework that aligns
with an organisation's current and future
needs. These strategies often leverage modern
technologies like AI, automation and analytics
to enhance identity governance and security.
An emphasis on zero trust (assuming every
person or device is not trustworthy until
verified) is another change. It's become
increasingly apparent that the many pieces of
your identity infrastructure - including multifactor
authentication (MFA), PAM, CIAM and
IGA - need to collaborate in a seamless way.
A typical enterprise has solutions by various
vendors, ongoing transformation projects and
extensions to the existing set of functionalities.
IGA plays an essential role in this scenario, as
it is the integration layer in many regards,
allowing the other solutions to be
more effective.
IGA IN ACTION
As one example, the PAM solution allows
you to protect your securable assets. IGA
allows you to classify those assets, create a
comprehensive risk analysis and define the
list of assets that need to be secured.
Another use case is the deactivation of
accounts triggered by third-party solutions.
For instance, IGA can get the signals about
unexpected user behavior from Microsoft
Threat Protection and disable all personal
and administrative accounts of the
individual within seconds, in a compliant
and auditable manner.
The integration of the company's user
interface for standard IGA tasks, such as
requesting and approving access, is a
third example that's becoming increasingly
relevant. If you are using common user
interfaces for your end users, such as
ServiceNow, you can allow them to
perform their tasks inside the platform
they're familiar with. Creating open APIs
and the availability of interwoven use
cases is key for leveraging your IAM
solutions far better.
IGA AT THE CORE
IGA is the core of modern identity
management ecosystems. You can't fix
today's problems with solution patterns
from a decade ago. You need more of an
advisory mindset with a business focus
instead of a purely technical approach. If
you're aware of the leaps of functionality
that modern IAM solutions have gone
through, you can reduce the effort required
for integration, increase the measurable
business value, achieve a more secure
solution and reduce the long-tail operation
and migration costs that legacy solutions
have. Getting this right will enable you to
leverage mega-trends like AI more
effectively and maximise the value of
identity governance. NC
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards FEBRUARY/MARCH 2024 NETWORKcomputing 29