Tom discovers if Identiverse is too sexy for IGA?

It was a pleasure to be back at Identiverse in person this year from June 21 – June 24th, after missing out on the last couple of years due to Covid19 restrictions. This year’s event was held at the stunning Gaylord Rockies Resort and Convention Centre, Aurora, Colorado and as always attracted a wide range of delegates from the technical side of the identity management industry.

We always attend Identiverse expecting the sexy new innovations to grab the headlines, but the core of the event has always been based around strong IGA management. It was therefore slightly surprising to find that this year only 1 of the 57 keynote presentations scheduled at the event was based on the topic of IGA. It was clear that demand for sessions on IGA was at an all time low and most participants at Identiverse felt that they had been there and got the t-shirt. Identiverse seemed to have left its origins in IGA behind in its rush to unveil the next new shiny technological advances.

This worried us slightly as a survey we had recently commissioned from Manchester Business School showed that many organizations were a long way from having IGA under control. Tom Eggleston, CEO of Proof ID was booked to present the findings of the Manchester Business School survey to the conference. This major piece of research was conducted amongst 84 companies during 2021 and asked the organizations a series of questions based around their IGA processes. The alarming results showed that many organizations had badly organized and antiquated IGA systems which resulted in significant issues during the onboarding and offboarding of personnel.

56% of respondents admitted to taking more than 4 days to provision access to new employees, with a knock on effect on productivity and 25% had no automated provisioning at all. The situation was worse in terms of review systems with over 65% relying on manual spreadsheets for this process. Most worryingly of all, only 43% of respondents were confident that all access to company systems had been revoked when an employee left and 24% were either not confident or only somewhat confident that access had been removed.

As well as these significant gaps in core IGA functionality, within these surveyed organizations, there was also limited penetration of ‘nice to have’ IGA features, such as approval workflows and self-service access requests. Far from embracing new technology, these organizations didn’t even seem to have the basics of identity management under control.

Tom knew he would have a tough job on his hands to convince the room that IGA was something they needed to put back on their agenda, so he came up with an innovative way of grabbing their attention. Just before commencing his talk he launched an ‘in room’ survey of the 32 delegates who had attended, asking them 4 simple questions around IGA which they could answer anonymously online. The answers were then processed ready so he could announce the results at the end of the presentation.

The questions were as follows:

  1. In your organization, how confident are you that you provision all required access for new starters within one day or less?
  2. How confident are you that all your users have the right access according to their job roles?
  3. How confident are you that you are running regular, automated review of access across your entire organization?
  4. How confident are you that when a user leaves your organization, all of their access is immediately automatically removed?

These questions were very similar to the questions we had asked in the Manchester Business School survey, but considering the calibre of the participant group in the room, Tom was expecting the results to be nowhere near as dramatic. These after all were primarily IT professionals at the sharp end of implementing effective IGA for their organizations. How wrong he was:

Over 50% of respondents stated that they are not confident that they provision all access for new starters within the first day. Shockingly, only 39% stated that they were confident that all users have the right access according to their job role – this means members of their team could either have too much or too little access to important information and data needed/unneeded for their particular role. Only 39% answered that they were confident that their organization was running regular, automated reviews of access across their organizations. And finally, only 53% stated having confidence that when an employee exits their organization, that all their access is immediately and automatically removed.

Hopefully this was a wake up call to those in the room and will be to all those who would rather move on from IGA. Although it might not be the sexiest topic, it is very clear that we need to build the foundations so we can move forward with the knowledge and confidence that we have everything covered from a security and governance point of view. But that doesn’t mean we have to go back to the dark days of manually managing IGA – with automated platforms such as ideiio, all organizations should be able to concentrate on the sexier things in life.

ideiio is a simple, secure and cost-effective lifecycle management and IGA platform that links HR and IT systems to automate and manage employee access and data as they join, move departments or leave your organisation. ideiio also provides robust reporting, audit and governance capabilities. So what are you waiting for – get your IGA automation programme underway and hopefully by Identiverse 2023 you will be able to embrace all the shiny new innovations on offer. Vegas here we come!