Why All IT Pros and Businesses Need to Think About Identity Governance
By Theis Nilsson, vice president of customer success and innovation, Omada
Identity governance is often seen as belonging solely within the purview of security teams. While identity governance is certainly a big part of cybersecurity – given that it’s the area of overseeing who is accessing which company assets, when and why – it’s important not to think that identity governance is only a security issue. IT and business teams also need to be thinking carefully about it for several reasons. It can’t just be siloed as something for only CISOs to care about.
Supporting your cloud initiatives
Cloud adoption and migration is at an all-time high; while it was already quickly growing, it was given a huge boost by the massive shift to remote work that the COVID-19 lockdowns ushered in. In fact, Gartner forecasts that worldwide end-user spending on public cloud services will grow 23% by 2022 for a total of $332.3 billion.
Identity governance and access management is a key consideration when it comes to cloud services – or at least, it needs to be. For instance, typically when you move to the cloud, you must stick with a certain level of standardized request and approval processes to give your organization’s users the right access for the right reasons. And this can be a complex process – which is where the right IGA solution with the right level of adaptability can help by making this process far less cumbersome on the end-user side.
For anyone working in a department and needing to bring on new employees or give existing employees a different or new type of access, simplifying and automating this and other processes is a huge value proposition.
Meeting compliance requirements
It’s tempting to think of compliance and security as synonymous, but that’s not quite true. They do, in fact, typically go hand in hand, but the relationship is a bit more nuanced than that.
Essentially, cybersecurity is the practice of implementing effective means and controls to protect your assets, while compliance is the application of that practice to meet your own – or those of the third parties you work with – regulatory or contractual requirements.
A good example is GDPR (General Data Protection Regulation). GDPR is the EU’s way of protecting the processing of personal data. To meet GDPR requirements is a matter of regulatory compliance; to prove compliance with GDPR, a company needs to be able to show they have the practices in place to ensure and demonstrate that they’re capable of protecting personal data. Identity governance is a cornerstone and an efficient tool for achieving compliance with the data security and access management aspects of regulations such as GDPR.
Implementing processes for controlling, managing and auditing access to data is an important prerequisite to reducing risk to your everyday business. If you consider how many different divisions within any given organization are likely collecting or using, for example, customer data that’s subject to regulations such as GDPR, the more it becomes clear that this isn’t just something the security function needs to be thinking about.
For most organizations, balancing efficiency and risk is incredibly important – especially as the amount of data stored and shared increases. To enable collaboration, sharing information is a necessity, and users must have purposeful access. As organizations continue their digital transformation journey, many realize that their existing IGA solution no longer fulfills all new requirements. A modern identity governance solution offers identity lifecycle management, automatic provisioning, seamless workflows, and optimized helpdesk capacity.
The move towards cloud applications – and increased pressure from the business to onboard new business applications – is a big challenge for many organizations. There’s almost always the question of how to maintain control, manage risk and ensure compliance without restraining overall efficiency. An identity governance solution helps address this and keeps efficiency front and center – which, for busy IT departments, is crucial. Some of today’s IGA solutions offer the capability to provide zero-touch access provisioning without compromising organizational risk and security.
Identity management: Worth rethinking
Particularly as cloud adoption continues, identity governance becomes more important. Identity tends to get lumped in with security, for a lot of quite obvious reasons. But identity governance and management can’t just be unceremoniously lumped in with the CISO’s many duties. Compliance and efficiency are other considerations with respect to identity governance, making it an element that is important to the whole business. Continued improvement of corporate efficiency is an imperative competitive advantage in today’s globalized collaboration. Remaining in compliance frees organizations from the fear of fines, and it stands to save organizations money as their IT workforce experiences greater productivity. For these reasons, most organizations need to take another look at their identity governance and management process to ensure that it meets all three of these important considerations.
Theis Nilsson has held different consultancy and management roles within Omada for about 15 years. He began his career in research and development in the area of network management security, and holds a master’s degree in computer science from the Danish Technical University. He has been working with organizational development and information technology for more than three decades. His work with organizations includes a combination of consulting and advisory roles, where process improvement, benefits realization and organizational restructuring has played a key role.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
- Five Must-Watch Cybersecurity Industry Sectors with Staying Power
- Understanding Cybersecurity: The Role of Human Behavior and Psychological Security in The War Against Online Manipulation
- How Microsoft Is Building Its Security Business
- People, Process, Technology: A Three-Pronged Approach to Cyber Risk Governance