Building a successful Identity Governance & Administration (IGA) framework
CIOReview
CIOREVIEW >> Identity Governance and Administration >>

Building a successful Identity Governance & Administration (IGA) framework

Partha Chakraborty, Director – Infrastructure Security Architecture IS Strategy, Architecture & Innovation, Bank of Montreal
Partha Chakraborty, Director – Infrastructure Security Architecture IS Strategy, Architecture & Innovation, Bank of Montreal

Partha Chakraborty, Director – Infrastructure Security Architecture IS Strategy, Architecture & Innovation, Bank of Montreal

Why do we need IGA?

Today every industry is going through massive digital transformation initiatives to provide faster, better and cheaper services to their customers. Significant progress in development technologies like API & microservices, agile hosting services like cloud and high-speed mobility solutions are propelling the adoption of digital initiatives around the world. It has become even more important to look at the security aspects of the applications with cloud and mobile enablement where the traditional perimeter is diminishing at a fast pace. Managing identities and their access to the applications with full granular visibility is extremely crucial for the security teams. It is indeed a complex task to manage provisioning & deprovisioning of accesses needs across employees, customers and partners for an enterprise. IGA or identity governance and administration solutions form the backbone of a solid security foundation in today’s agile organizations.

IGA Components & Market Forecast

It is important to understand what functions are expected out of an IGA solution. Access provisioning, deprovisioning, entitlements management, ensuring separation of duty, access reviews & certifications, identity lifecycle management, analytics & reporting are some of the common themes across the vendors playing in this segment. According to a recent report published by the research firm Marketsandmarkets.com, IGA market is projected to grow up to $7.7B by 2023. Clearly there is a focus and interest in this segment from the security industry driven by risk & compliance needs.

Focus areas of a successful IGA Implementation – is it a technology or business problem to solve?

Often organizations spend more time in selecting a technical feature rich product to implement IGA where as the success the of the program lies on the proper integration of technology with the business processes. If an organization does not have the right processes and governance in place at HR or Finance departments to identity and track an employee in its journey through the organization, technology solution alone will not be able to enforce a proper identity governance. There are organizations where voluntary or involuntarily terminated employees maintain access to the corporate system for extended duration of time, vendor partners retain system access after the closure of the contract. These loopholes in identity and access governance lead to security incidents and data breaches. The following are the focus areas for security teams to implement a solid identity governance program.

• Understand the business process

Understanding the interactions between HR, finance, administration departments during the lifecycle of an employee, customer or contractor is critical. One should focus on reviewing the processes, make changes if necessary to detect employment and contract statusor reflect change in the job or role immediately.

• Workflow & integration

IGA tools should be able to build workflow between different organizational functions and integrate with departmental information systems. For example, an organization may use Workday for HR and custom home-grown software for fiancé department, if the identity governance solution cannot build integration through the connectors between these application systems, it will not be a successful implementation.

• Analytics & automation

The solution should have good analytics and reporting capability to detect anomalies leading to improper or over permissive access, create security risk and compliance violations. Automation should be at the core of any IGA solution to make it agile in building integration with organizational business processes.

• Training & awareness

Everyone has a role in ensuring a proper identity and access governance in the organization. Adequate time and energy should be spent to build the awareness program and ensure people know their roles, available tools and responsibilities in completing timely access reviews and compliance certifications.

Disrupting Technologies in IGA Space

RPA or robotic process automation is going to disrupt the IGA industry as building connectors with discrete administrative systems in any organization will rely heavily on automation. We need to keep a tab on vendors investing on RPA technologies in their IGA tools. Artificial intelligence(AI) is another area that will take IGA to the next level. AI is the new way of life, it is disrupting every technical field and IGA will not be any exception. Futuristic IGA tools should be able to understand the business process and adapt with the needed change in automation scripts to make it agile in closing the governance needs. The shift from on-prem to cloud bases subscription services will be something to watch for to reduce the operating cost and increasing the agility of IGA solutions.

Read Also

Basic And Applied Research In Aerospace Sciences At The Office Of Naval Research

Basic And Applied Research In Aerospace Sciences At The Office Of...

Knox T. Millsaps, Ph.D., SES Director, Division of Aerospace Sciences Office of Naval Research
CRM: The New Center of the Marketing Universe

CRM: The New Center of the Marketing Universe

Ryan Malone, Founder and CEO of SmartBug Media™
Insurance Market is in Full Swing in Tune with the Digital Transformation

Insurance Market is in Full Swing in Tune with the Digital...

Adilson Lavrador, Executive Director of Operations, Technology and Claims, Tokio Marine Seguradora
A Pro-Active Risk Management Approach Guides Pg&E's Supplier Quality Assurance Team

A Pro-Active Risk Management Approach Guides Pg&E's Supplier Quality...

Jamie Martin, Vice President of Supply Chain and Chief Procurement Officer, Pacific Gas and Electric Company
The Future Of Oil And Gas Industry With Digital Solution

The Future Of Oil And Gas Industry With Digital Solution

Azfar Mahmood, Product Manager, Jeremy Angelle Vice President Digital Solutions at Frank’s International
Epc Oil And Gas Companies’ Role In Scaling Up In Energy Transition

Epc Oil And Gas Companies’ Role In Scaling Up In Energy Transition

Matthew Harwood, GVP Strategy and Sustainability, McDermott International