Founder and Analyst at The Cyber Hut
The commercial management of Identity and Access Management data is over two decades into its journey – from authoritative source provisioning and connector management through to access review and request management. It has sometimes been driven by compliance, but has nearly always sat under IT operations with the aim of delivering productivity and efficiency savings. That journey has been long, complicated and at times in distress.
The identity data lens is tightly focused on profile attributes, permissions and the associated fabric needed to support access fulfillment and audit. However, that fabric has often been hindered by several fundamental limitations. Firstly, since workforce identity has been so intrinsically linked to business processes, a waterfall style approach to implementation was often used – with large amounts of upfront analysis and isolated periods of system design resulting in live systems that were already outdated, fragile and difficult to change.
Many existing IGA systems also often suffer from being of small scope – covering only a handful of applications. This myopic view of the application landscape was often a result of complex software deployment processes – sometimes linked to connector and data integration – and sometimes due to the need for organizations to change processes associated with employee onboarding or access request management. The result was costly platforms that covered a small number of systems that were difficult to change and enhance.
As a result the initial IDM and IGA phase of projects often contained numerous distress signals:
Move forward to 2024 and the IGA problem statement is considerably broader. The number and variety of applications is larger – with systems ranging from SaaS, private-cloud, classic on-premise, through to APIs and microservices. In addition, many organizations have complex supply chains of software, services and people – crossing business, ownership and trust boundaries.
This combination has created a need for identity management for a range of people-related personas as well as software and hardware, to support workloads and services too. The increase in both systems that need protection and the volume and variety of the identities accessing those resources requires a more flexible and agile identity data management platform.
Impact is Far Reaching
The impact of getting this identity data fabric wrong is far reaching – and is not limited to large enterprises and their top 10 highest-risk applications. The small enterprise – which will not have the personnel needed to support complex IGA design and management processes – will require simple-to-integrate and, more importantly, adaptable ways to extract and provision identity data, and to rapidly automate the access request and review management steps.
As organization size increases, a commercial IGA product has most likely been selected at some point, but the deployment scope is often small, with the majority of downstream systems managed via manual fulfillment and offline ticketing systems due to connector cost or complexity. The result is service stagnation with no design roadmap and significant disillusion regarding the success of the technology.
Larger organizations – often under significant regulatory pressure – end up with identity "frankenware": core commercial off-the-shelf IGA software integrated with custom code that assists with connectivity or acts as request glueware. It becomes fragile quickly, often requiring significant redesign for which a business case is difficult to drive, resulting in isolated data management that can no longer adapt to business change.
Agile Automation for IAM Data: What and Why
As identity data is foundational to employee productivity, regulatory compliance and security implementations, it requires a new paradigm of implementation. The existing data sources and processes must be used as a foundation. In a recent survey by The Cyber Hut, 51% of respondents said that the main reason their IGA project was in distress was having to change their existing business processes to fit a technology solution. Technology should meet the organization where it is – in a flexible and non-prescriptive way.
This flexibility is derived from taking a more agile approach to design and deployment – by focusing on working data flows, adaptation to change, strong collaboration between all identity stakeholders and an understanding of interactions, rather than rigidity associated with IGA software features and capabilities.
It is important to overlay agile approaches to those existing data sources and downstream systems – linking the mature workflows and processes that have emerged simply through repetitive and effective human interactions. These processes are often efficient – yet require the technical connectivity and fulfillment that can be derived from an automation mindset. A mindset that is abstracted from the often-myopic workflows located in existing IGA or ticketing systems. The goal is to remove manual processes, offline systems and isolated data – it is not about redesigning processes for one or two core applications.
A more flexible and connected identity data fabric delivers measurable benefits:
The sustainable cleanup can be best seen in use cases associated with right-size permissions management, via concepts such as zero standing privileges and just-in-time request management – that can only be achieved via global connectivity and automation.
So how can organizations achieve this? It is important to understand both the existing current profile and the strategic target profile. Application prioritization is key: identify both technical and process-related bottlenecks associated with access request fulfillment, request frequency and business impact. Which systems are heavily reliant on manual ticketing and offline data flows? What is the productivity cost associated with these systems – and what is the cost of doing nothing?
Existing identity data management and identity governance solutions often fail to provide a return on investment and are narrow in their application integration coverage. The increase in the type and volume of resources under management is creating a need for a more agile approach to workflow and data integration. Using existing data sources and processes is an essential foundation for a more overarching and flexible approach to identity data automation.