Article

What is Identity Governance and Administration (IGA)?

Identity Security
Time to read: 8 minutes

Identity Governance and Administration (IGA), also known as identity security, is at the centre of IT operations, enabling and securing digital identities for all users, applications and data. It allows businesses to provide automated access to an ever-growing number of technology assets while managing potential security and compliance risks.

Identity Governance in Action
Learn how SailPoint’s identity platform helps enterprises enable their workforce by securing digital identities.

What Business Security Problems Does IGA Address?

Identity governance and administration can help your organisation effectively address today’s complex business challenges, balancing four critical objectives:

  1. Reduce operational costs
  2. Reduce risk and strengthen security
  3. Improve compliance and audit performance
  4. Deliver fast, efficient access to the business

Reduce operational costs

Identity governance and administration automates labour-intensive processes such as access certifications, access requests, password management and provisioning, which dramatically cut operational costs. With its business-friendly user interface, this can significantly reduce the time IT staff spends on administrative tasks, and empower users to independently request access, manage passwords and review access. And with access to dashboards and analytical tools, organisations have the information and metrics they need to strengthen internal controls and reduce risk.

Reduce Risk and Strengthen Security

Compromised identities caused by weak, stolen or default user credentials are a growing threat to organisations. Centralised visibility creates a single authoritative view of “who has access to what," allowing authorised users to promptly detect inappropriate access, policy violations or weak controls that put organisations at risk. Identity governance solutions enable business and IT users to identify risky employee populations, policy violations and inappropriate access privileges and to remediate these risk factors.

Improve Compliance and Audit Performance

Identity governance and administrations allow organisations to verify that the right controls are in place to meet the security and privacy requirements of regulations like SOX, HIPAA and GDPR. They provide consistent business processes for managing passwords as well as reviewing, requesting and approving access, all underpinned by a common policy, role and risk model. With role-based access control, companies significantly reduce the cost of compliance, while managing risk and establishing repeatable practices for a more consistent, auditable and easier-to-manage access certification efforts.

Deliver Fast, Efficient Access to the Business.

By giving your users timely access to the resources they need to do their jobs, identity governance and administrations enables them to become productive more quickly – and to stay productive, no matter how much or how quickly their roles and responsibilities change. It also empowers business users to request access and manage passwords, reducing the workload on help desk and IT operations teams. And with automated policy enforcement, identity governance allows you to meet service level requirements without compromising security or compliance.

SailPoint’s Identity Governance and Administration Solutions

In March, we were recognised as the 2020 Gartner Peer Insights Customers’ choice for Identity Governance & Administration (IGA). This distinction recognises the vendors who are top-rated by their customers, based on a series of customer-submitted reviews.

When it comes to identity governance, no company is better suited to help you solve your unique security and compliance challenges. Learn how we can help you protect your sensitive data, wherever it lives.

Identity Governance in Action

$1 Million in Cost-Savings.
The Power to Seize Opportunities.

Learn more about identity topics

Frequency Asked Questions (FAQ)

What’s Cloud Identity Governance?

Cloud-based identity governance offers the same security, compliance and automation delivered by traditional enterprise-class identity solutions, coupled with a lower total cost of ownership and faster deployment. Put simply, identity provides the power to make the cloud enterprise secure.

Cloud is transforming the way we work. Organisations must effectively address today’s complex business challenges, and today’s enterprise is becoming a cloud enterprise. While companies are becoming more comfortable with moving strategic and mission-critical applications into the cloud, it can feel overwhelming to consider solutions like identity as a service (SaaS). They often avoid identity governance because they believe they lack the budget, time or skilled identity resources required to implement it. However, these are no longer inhibitors to reaping the benefits of identity management.

For SailPoint, we remain entirely focused on identity governance whether on-premises or from the cloud. IdentityNow, our SaaS solution, is as powerful an identity governance solution as IdentityIQ, our solution deployed in the data centre.

Isn’t identity governance software only available on-premises?

While it’s true that the first identity governance solutions on the market were installed on-premises, today there are cloud-based options for identity governance as well. In fact, SailPoint IdentityNow provides access certifications, access request, provisioning, and password management as cloud-based services.

Can identity governance manage cloud applications?

Identity governance solutions provide rich connectivity options that enable unified management across cloud and on-premises resources. All identity governance capabilities, including access certification, access request, password management, and provisioning, are cross-domain, meaning they can be used for cloud and on-premises applications.

Does my company need identity governance, even though we aren’t subject to regulatory compliance?

Identity governance is a critical component of any security strategy. If a company does not have identity software in place, it puts them at serious risk of cyberattacks. Because hackers attempt to steal user credentials constantly, protecting identities is vital to keeping cyber thieves out of company systems. No matter what, you need identity governance to protect user accounts and privileges—and ensure effective access control.

Is IGA only for big businesses?

While it may seem regulation compliance is a challenge only for large, international companies, the truth is that regulations (e.g., GDPR or CCPA) affect every enterprise organisation, whatever their size or industry. No matter what, organisations need to strengthen access controls to their sensitive data and applications.

Does identity governance support HIPAA and compliance?

Identity governance helps ensure HIPAA compliance by:

  • Applying artificial intelligence and predictive analytics to monitor and identify unusual access behaviour
  • Consistently enforcing access policies and applying controls to all applications containing ePHI
  • Locating and securing structured and unstructured ePHI regardless of where they’re stored
  • Automating periodic reviews of user access rights

Our open cloud identity governance platform makes it easy for you to stay HIPAA-compliant, giving you visibility and access control for apps and data, for every user.

What’s the history of Identity Governance?

Identity governance originally emerged as a new category of identity management. It was driven by the requirements of new regulatory mandates such as the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA). Designed to improve transparency and manageability, identity governance gave organisations better visibility to identities and access privileges and better controls to detect and prevent inappropriate access.

In 2012, identity governance was recognised by Gartner as the fastest-growing sector of the identity management market. In its first Magic Quadrant focused on this market segment, Gartner stated that identity governance “is replacing user administration and provisioning as the new centre of gravity for IAM.” Gartner also estimated that growth rates for identity governance would exceed 35-40% per year, based on increased incidences of well-publicised insider theft and fraud.

As more and more customers deployed identity governance and provisioning solutions together, it became clear that the role, policy, and risk models provided by identity governance were foundational to provisioning and to compliance processes. At the same time, it became clear organisations needed centralised visibility over both on-premises and cloud applications, and data files across the organisation.

For more common FAQs, click here.

KuppingerCole Leadership Compass for Access Governance - Report

KuppingerCole Leadership Compass for Access Governance - Report

See why SailPoint’s IAG capabilities received a “Strong Positive” rating, indicating our ability to provide a comprehensive and well-rounded IAG solution.

Download the report
KuppingerCole Executive View on SailPoint Atlas

KuppingerCole Executive View on SailPoint Atlas

Read an overview of SailPoint Atlas, identity security that combines modern technologies such as AI and machine learning, in this KuppingerCole report.

Download the white paper
SailPoint corporate brochure

State of identity, Report from the frontline

Practical and actionable advice for identity specialists and busy business executives wanting to understand more about the issue and the opportunities.

Download the white paper