{"id":2134,"date":"2024-06-05T09:00:00","date_gmt":"2024-06-05T13:00:00","guid":{"rendered":"https:\/\/readibots.com\/?p=2134"},"modified":"2024-06-17T13:38:46","modified_gmt":"2024-06-17T17:38:46","slug":"thecyberhut-connecting-the-dots","status":"publish","type":"post","link":"https:\/\/readibots.com\/staging\/thecyberhut-connecting-the-dots\/","title":{"rendered":"Connecting The Dots: Why IAM Data Management Needs Agile Automation"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Failings of Existing IAM Data Management<\/h2>\n\n\n\n<p>The commercial management of Identity and Access Management data is over two decades into its journey &#8211; from auth source provisioning and connector management through to access review and request management. Sometimes driven by compliance, nearly always sitting under IT operations and aiming to deliver productivity and efficiency savings. That journey has been long, complicated and at times in <strong>distress<\/strong>.<\/p>\n\n\n\n<p>The identity data lens is tightly focused on <strong>profile<\/strong> attributes, <strong>permissions<\/strong> and the associated fabric needed to support access fulfillment and audit. However, that fabric has often been hindered by several fundamental limitations. Firstly, since workforce identity has been so intrinsically linked to business processes, a <strong>waterfall<\/strong>-style approach to implementation was often used &#8211; with large amounts of <strong>upfront<\/strong> <strong>analysis<\/strong> and <strong>isolated<\/strong> periods of system design resulting in live systems that were already outdated, fragile and difficult to change.<\/p>\n\n\n\n<p>Many existing IGA systems also suffer from being of small scope &#8211; covering only a handful of applications. 
This myopic view of the application landscape was often a result of complex software deployment processes &#8211; sometimes linked to connector and data integration &#8211; and sometimes due to the need for organizations to change processes associated with employee onboarding or access request management. The result was costly platforms that covered a small number of systems that were difficult to change and enhance.<\/p>\n\n\n\n<p>As a result, the initial IDM and IGA phase of projects often contained numerous distress signals:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Limited application coverage<\/li>\n\n\n\n<li>High-effort process redesign<\/li>\n\n\n\n<li>High professional services-led implementation costs<\/li>\n\n\n\n<li>High percentage of manual error-prone processes<\/li>\n\n\n\n<li>An inability to adapt to new business requirements<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">IGA Problem Statement Becoming Larger<\/h2>\n\n\n\n<p>Move forward to 2024 and the IGA problem statement is <strong>considerably<\/strong> <strong>broader<\/strong>. The number and variety of applications is larger &#8211; with systems ranging from SaaS, private-cloud, classic on-premise, through to APIs and microservices. 
In addition, many organizations have complex supply chains of software, services and people &#8211; crossing business, ownership and trust boundaries.<\/p>\n\n\n\n<p>This combination has created a need for identity management for a range of people-related personas as well as software and hardware, to support <strong>workloads<\/strong> and <strong>services<\/strong> too. The increase in both systems that need protection and the volume and variety of the identities accessing those resources requires a more flexible and agile identity data management platform.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"224\" src=\"https:\/\/readibots.com\/staging\/\/wp-content\/uploads\/cyber-hut-1.png\" alt=\"The Cyber Hut IGA Problem\" class=\"wp-image-2126\" srcset=\"https:\/\/readibots.com\/staging\/wp-content\/uploads\/cyber-hut-1.png 624w, https:\/\/readibots.com\/staging\/wp-content\/uploads\/cyber-hut-1-300x108.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\">Impact is Far Reaching<\/h2>\n\n\n\n<p>The impact of getting this identity data fabric wrong is far reaching &#8211; and is not just limited to large enterprises and their top 10 most high-risk applications. 
The <strong>small<\/strong> <strong>enterprise<\/strong> &#8211; which will not have the personnel needed to support complex IGA design and management processes &#8211; will require <strong>simple<\/strong> to <strong>integrate<\/strong> and more importantly <strong>adaptable<\/strong> ways to extract and provision identity data and rapidly automate the access request and review management steps.<\/p>\n\n\n\n<p>As organizations grow in size, they are likely to have selected a commercial IGA product historically, but the <strong>deployment<\/strong> <strong>scope<\/strong> is often <strong>small<\/strong> with the majority of downstream systems managed via <strong>manual<\/strong> fulfillment and offline ticketing systems, due to connector <strong>cost<\/strong> or <strong>complexity<\/strong>. The result is service stagnation with no design roadmap and significant disillusion regarding technology success.<\/p>\n\n\n\n<p>Larger organizations &#8211; often under significant <strong>regulatory<\/strong> pressure &#8211; end up with <strong>identity<\/strong>&#8211;<strong>frankenware<\/strong> &#8211; with core commercial off the shelf IGA software, integrated with custom code that assists in connectivity or request-glueware. It becomes <strong>fragile<\/strong> quickly, often requiring significant redesign which is difficult to drive a business case for, resulting in isolated data management that can <strong>no<\/strong> <strong>longer<\/strong> <strong>adapt<\/strong> to business change.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Agile Automation for IAM Data: What and Why<\/h2>\n\n\n\n<p>As identity data is foundational to <strong>employee<\/strong> <strong>productivity<\/strong>, <strong>regulatory<\/strong> <strong>compliance<\/strong> and <strong>security<\/strong> implementations, it requires a new paradigm of implementation. The existing data sources and processes must be used as a foundation. 
In a <a href=\"https:\/\/www.thecyberhut.com\/is-iga-in-distress-if-so-why\/\">recent survey<\/a> by The Cyber Hut, 51% of respondents said that the main reason for their IGA project being in distress was having to <em>change<\/em> their existing business processes to fit into a technology solution. Technology should meet the organization where it is &#8211; in a flexible and non-prescriptive way.<\/p>\n\n\n\n<p>This flexibility is derived from taking a more agile approach to design and deployment &#8211; by focusing on <strong>working<\/strong> <strong>data<\/strong> flows, <strong>adaptation<\/strong> to change, strong <strong>collaboration<\/strong> between all identity stakeholders and an understanding of <strong>interactions<\/strong>, rather than the rigidity associated with IGA software features and capabilities.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"171\" src=\"https:\/\/readibots.com\/staging\/\/wp-content\/uploads\/cyber-hut-2.png\" alt=\"The Cyber Hut IGA Solution\" class=\"wp-image-2127\" srcset=\"https:\/\/readibots.com\/staging\/wp-content\/uploads\/cyber-hut-2.png 624w, https:\/\/readibots.com\/staging\/wp-content\/uploads\/cyber-hut-2-300x82.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure><\/div>\n\n\n<p>It is important to overlay agile approaches onto those <strong>existing<\/strong> <strong>data<\/strong> <strong>sources<\/strong> and downstream <strong>systems<\/strong> &#8211; linking the mature workflows and processes that have emerged simply through repetitive and <strong>effective<\/strong> <strong>human<\/strong> <strong>interactions<\/strong>. These processes are often efficient &#8211; yet require the technical connectivity and fulfillment that can be derived from an automation mindset. 
A mindset that is abstracted from the often-myopic workflows located in existing IGA or ticketing systems. The goal is to remove <strong>manual<\/strong> processes, <strong>offline<\/strong> systems and <strong>isolated<\/strong> data &#8211; it is not about redesigning processes for one or two core applications.<\/p>\n\n\n\n<p>A more <strong>flexible<\/strong> and <strong>connected<\/strong> identity data fabric delivers measurable benefits:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reduction in access request and <strong>fulfillment<\/strong> <strong>time<\/strong> with broad application coverage<\/li>\n\n\n\n<li>Adaptable automation results in <strong>fewer<\/strong> <strong>processing<\/strong> errors<\/li>\n\n\n\n<li>Closer alignment to <strong>business<\/strong> <strong>outcomes<\/strong> and change<\/li>\n\n\n\n<li>Automation leads to improved <strong>security<\/strong> <strong>assurance<\/strong> and <strong>compliance<\/strong><\/li>\n\n\n\n<li>Identity data is <strong>cleaned<\/strong> in a <strong>sustainable<\/strong> manner<\/li>\n<\/ul>\n\n\n\n<p>The sustainable cleanup can be best seen in use cases associated with right-size permissions management, via concepts such as zero standing privileges and just-in-time request management &#8211; which can only be achieved via global connectivity and automation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Path Ahead<\/h2>\n\n\n\n<p>So how can organizations achieve this? It is important to understand both the <strong>current<\/strong> profile and the <strong>strategic<\/strong> <strong>target<\/strong> profile. Application prioritization is key, identifying both technical and process-related bottlenecks &#8211; associated with access request fulfillment, frequencies, and business impact. Which systems are heavily reliant on manual ticketing and offline data flows? 
What is the productivity cost associated with these systems &#8211; and what is the cost of doing nothing?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">90 Day Take Away<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Discover existing solutions<\/li>\n\n\n\n<li>Discover existing app pain points<\/li>\n\n\n\n<li>Understand existing ITSM and manual fulfillment flows<\/li>\n\n\n\n<li>Document immediate and long-term productivity targets<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p>Existing identity data management and identity governance solutions are often <strong>not<\/strong> <strong>providing<\/strong> a <strong>return<\/strong> on <strong>investment<\/strong> and are <strong>narrow<\/strong> in their application integration coverage. An increase in the type and volume of resources under management is resulting in a need for a <strong>more<\/strong> <strong>agile<\/strong> <strong>approach<\/strong> for <strong>workflow<\/strong> and data <strong>integration<\/strong>. The use of existing data sources and processes is an essential foundation for leveraging a more overarching and flexible approach to identity data automation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Failings of Existing IAM Data Management The commercial management of Identity and Access Management data is over two decades into its journey &#8211; from auth source provisioning and connector management through to access review and request management. 
Sometimes driven by compliance, nearly always sitting under IT operations and aiming to deliver productivity and efficiency savings.<\/p>\n","protected":false},"author":19,"featured_media":2138,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_seopress_robots_primary_cat":"","_seopress_titles_title":"Why IAM Data Management Needs Agile Automation","_seopress_titles_desc":"An agile approach to design and deployment provides flexibility with a focus on working data flows, adaptation to change, strong collaboration","_seopress_robots_index":"","footnotes":""},"categories":[12],"tags":[98],"class_list":["post-2134","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-identity"],"acf":[],"_links":{"self":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts\/2134","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/comments?post=2134"}],"version-history":[{"count":2,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts\/2134\/revisions"}],"predecessor-version":[{"id":2153,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts\/2134\/revisions\/2153"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/media\/2138"}],"wp:attachment":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/media?parent=2134"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/categories?post=2134"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-js
on\/wp\/v2\/tags?post=2134"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}