Voices of experience – Industry trends driving the need for Identity and Access Governance (IGA)
From digital transformation to cloud computing to the Internet of Things, to employees using their own devices and working remotely worldwide, today’s organizations need to manage more IT connections across more devices from more places.
Yet all these “things” accessing other “things” increases the security risk and the possibility that malicious actors will gain unapproved access to corporate information or resources. For most organizations, the number of points of possible security failures is increasing, while resources to manage those possible failure points are staying the same or decreasing.
That’s where solutions like identity and access governance (IAG) come in. Identity and access governance enable the right people, software, and hardware to have access to the tools required to perform assigned duties without also granting access to those that are not needed or presenting a security risk to the enterprise. Identity and access governance enables organizations to manage access based on groups or roles rather than individually, vastly simplifying IT operations.
To better understand the current trends that are driving the widespread adoption of identity and access governance solutions across multiple industries, we interviewed IT industry leaders at Navigate 2022 in London to learn what forces drove the need for IAG in their companies.
As you might expect, privacy was an essential driver for a company in the banking industry. “I think the biggest trend we see now that drives identity and access governance is privacy. Suppose you do identity and access management correctly. In that case, it underpins good privacy setup and allows you to control and be compliant in a much greater way,” said an engineering manager responsible for the access services at a bank. “Deletion doesn’t necessarily mean deletion of data. It means deletion of access. So, it can solve many privacy issues if you have a solid identity and access management set up.”
Another key driver cited was regulations and compliance requirements, particularly around data privacy. As the CTO of a manufacturing company stated, “Countries are increasing their regulation, and we need to be able to be compliant with regulations. It’s not an option. It’s absolutely mandatory.”
According to a pharmaceutical company’s head of identity and access management, regulation and compliance also play a big part in their identity and access governance plans. “Regulation is very specific to the industry we belong to,” he noted. He stated that his organization needs to comply with Sarbanes Oxley in the United States market and that identity and access management policies may need to be adjusted for specific countries or regulations.
For one telecommunications company, employee joiners, movers, and leavers (JML) are big identity and access governance drivers. “The biggest trend in my industry is globalization from an application and people perspective,” said a senior manager for domain portfolio delivery. The result of that globalization is that the company needs to be able accurately enable and securely control access for employees working around the world, as well as efficiently manage the associated JML processes, a task that’s almost impossible without an IAG solution.
The shift to remote work is an important factor in the adoption of identity and access governance, according to a user lifecycle supervisor at a construction company. “After COVID-19, people expect to work from everywhere, so we really need to be able to rapidly onboard identities, and we need to be able to manage the rest of the user lifecycle processes.”
For a security architect at a finance company, the shift toward more automation is the key driver for IAG investments. “Automation is a big one. We have seen lots of movement toward dynamic and agile development methodologies, which need high-speed provisioning and de-provisioning of identities, and the ability to facilitate those through automated processes and exposure of interfaces to our identity, governance, and administration systems.”
Lastly, general cloud and security trends drove IAG investment at one retail organization. The head of technology risk cited linking access to cloud configurations and controlling privileged access across the organization, technology stacks, and outside organizations.
In the end, there are many different reasons why organizations turn to identity and access governance, from securing themselves against cyber threats to meeting compliance and regulatory requirements to increasing efficiency through automation and more. As a result, identity and access governance is a security solution that can have many different business benefits.