Understanding and being able to measure risk is the first step toward reducing it.
For many organisations, the most significant internal risk comes from the vast number of sensitive applications, systems and data they use. Each of these will likely have hundreds, if not thousands, of user entitlements — each with varying degrees of risk.
This is where Identity Governance and Administration (IGA) comes in. IGA allows companies to manage and reduce the risk that comes with excessive or unnecessary user access.
So, why is IGA so important?
In recent years, there’s been a lot of talk about the decline in value of network perimeter security and the needs to adopt a zero-trust approach, which relies on having an in-depth knowledge of users and their entitlements. As these traditional boundaries dissolve, a well-developed Identity Program has become critical.
Employees also need resources to do their jobs, and they want to have simple and rapid access to these resources. When they don’t know where to go to request something, they quickly become frustrated, which can hurt productivity.
As a result, security-conscious organisations need to mitigate risk as much as possible by putting measures in place to balance requests for access with security. This includes having proper workflow approval management systems and an access request portal, as well as the ability to provision or create accounts and report on the status of system access.
Traditionally, this has been accomplished by manually inputting access information into spreadsheets. However, companies often fail to implement proper monitoring and governance controls to determine whether users should continue to have access.
IGA is but one of thousands of processes that companies desire to optimise and then automate, allowing them to grant and review access to corporate systems habitually. The challenge is integrating Identity Programs with IGA platforms and the tools that provide dynamic information on behaviour and risk.
How can IGA be delivered?
The key to successful IGA implementation is integration with core operational processes and IT service management (ITSM) systems. For years, vendors have built integrations from their platforms into ITSM to create the illusion of there being only one platform and one place to make requests. However, these integrations are very limited, simplifying access request approval processes and management in order to accommodate clunky software. Creating, testing and maintaining these points of integration is technically complex and expensive, too — and it takes time.
Fortunately, there is a centralised solution that allows organisations to automate the review and management of access: the best-in-class workflow automation platform, ServiceNow.
Most organisations already have some investment in ServiceNow, so building IGA solutions on top of this platform allows for many deeply valuable integrations, which improve user experience by having a single communication hub between businesses and their IT systems.
ServiceNow connects every worker through its easy-to-use request portal and robust workflows — ensuring all identity information and processes can be configured so that everyone that needs the data, system or application can access it when required.
Taking information and embedding it into the Now Platform also creates ample opportunities to leverage the information contained in other products built in the platform. For example, access requests can be delivered as ITSM tickets, meaning help desk administrators have access to all the information they need to resolve identity-related issues.
This concept is a significant disruptor to the IGA market. Lifecycle management, provisioning and re-certification can now be inherent to the core IT service management challenge. The IGA function is an extension of the core capabilities of the existing ServiceNow deployment and can be managed and supported by a common team.
Comprehensive IGA capabilities
Clear Skye IGA provides the full set of identity governance capabilities — identity lifecycle management, access request, access review and workflow management — without the challenges of stand-alone governance solutions.
Through its ServiceNow configuration abilities, Clear Skye IGA makes it easy for organisations to digitise their IGA processes and carry out IGA functions using the portal they have grown accustomed to — meaning their Identity Programs will become not only more efficient but also more secure.
To find out more about Burning Tree’s Clear Skye services, please get in touch today.