NC Feb-Mar 2024
OPINION: IDENTITY MANAGEMENT

other words, whereas in the past IAM projects were seen as pure technical plays to shift data from A to B, now they can be positioned as a solution to a business need, not just a tool.

As more organisations use the configured out-of-the-box standard, innovation can today focus on the flexibility of the core product instead of the error-prone and high-cost code-based customisation.

SELF-SERVICE OPTIONS HAVE EXPANDED AS USER BASE GROWS

It used to be that IGA was a domain that required specialists - a core team of two to five specialists who were tasked with keeping your organisation compliant. That approach has changed, largely out of necessity, given the number of people and roles within a typical organisation today. More people are using IGA solutions in most companies, from requesting access to recertifying and from creating role definitions to onboarding employees. To meet these needs, we've seen many IGA offerings evolve to be able to distribute tasks in an easier way, throughout the entire organisation.

Operations are changing faster than in the past, and the exposure of individuals in the business has continuously risen. As the operation of the solution gets less complex and fewer tickets go to the service desk and operations team, they can focus on broadening the scope of the IGA solution (connecting to more systems), to go deeper than before (segregation of duties, risk concepts, roles) or to think outside of the box of IGA to integrations with privileged access management (PAM), customer identity and access management (CIAM), security information and event management (SIEM) and other identity-related solutions.

MORE SYSTEMS, MORE IDENTITIES

An average enterprise might be using as many as 130 different SaaS apps and all of these apps are also creating new digital identities. It's no wonder, then, that the number of identities that need to be managed has continuously risen in the last 10 years. With more cross-organisational collaboration, the adoption of cloud services and remote work, this trend is on an upward trajectory.

The number of relations between identities and systems is exponentially increasing. Larger enterprises have many more connections than smaller ones. Additionally, not all identities and systems are under direct control anymore. For example, suppliers and contractors are typically not managed by the HR system, and your employees have work-related access to systems that you don't own.

THE RISE OF INTEGRATIONS

It was common in the past to see the individual identity management solution as an isolated element of your cybersecurity strategy. But things have changed, such as the rise of visionary Identity Fabric strategies. They represent a forward-looking approach to IGA, aiming to create a unified, flexible and secure identity management framework that aligns with an organisation's current and future needs. These strategies often leverage modern technologies like AI, automation and analytics to enhance identity governance and security.

An emphasis on zero trust (assuming every person or device is not trustworthy until verified) is another change. It's become increasingly apparent that the many pieces of your identity infrastructure - including multifactor authentication (MFA), PAM, CIAM and IGA - need to collaborate in a seamless way.

A typical enterprise has solutions by various vendors, ongoing transformation projects and extensions to the existing set of functionalities. IGA plays an essential role in this scenario, as it is the integration layer in many regards, allowing the other solutions to be more effective.

IGA IN ACTION

As one example, the PAM solution allows you to protect your securable assets. IGA allows you to classify those assets, create a comprehensive risk analysis and define the list of assets that need to be secured.

Another use case is the deactivation of accounts triggered by third-party solutions. For instance, IGA can get the signals about unexpected user behavior from Microsoft Threat Protection and disable all personal and administrative accounts of the individual within seconds, in a compliant and auditable manner.

The integration of the company's user interface for standard IGA tasks, such as requesting and approving access, is a third example that's becoming increasingly relevant. If you are using common user interfaces for your end users, such as ServiceNow, you can allow them to perform their tasks inside the platform they're familiar with. Creating open APIs and the availability of interwoven use cases is key for leveraging your IAM solutions far better.

IGA AT THE CORE

IGA is the core of modern identity management ecosystems. You can't fix today's problems with solution patterns from a decade ago. You need more of an advisory mindset with a business focus instead of a purely technical approach. If you're aware of the leaps of functionality that modern IAM solutions have gone through, you can reduce the effort required for integration, increase the measurable business value, achieve a more secure solution and reduce the long-tail operation and migration costs that legacy solutions have. Getting this right will enable you to leverage mega-trends like AI more effectively and maximise the value of identity governance.

WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards FEBRUARY/MARCH 2024 NETWORKcomputing 29