What can an identity governance solution do for you?
What is IGA?
First, what is an identity? An identity is a digital representation of an individual: a record of all the attributes that make a person unique. We can then map this identity to roles and applications, giving users access to the right resources across the organisation so they can do their jobs. Managing these identities, or users, can be done with an Identity Governance and Administration (IGA) solution.
To be considered an Identity Governance solution, an application must be able to do a few key things. Below we discuss what to expect from an IGA platform, as well as what IGA platforms don't do.
IGA should manage and automate the entire identity lifecycle process from the on-boarding process to deprovisioning accounts upon termination of employment.
This allows organisations to stay in compliance with regulatory mandates and alleviates the burden on IT teams, who previously had to perform these actions manually.
An application that allows your organisation to verify that the current people have the correct access at the right time. This is essential to ensure that company resources are always secure.
Reporting & logging
The ability to access information about permissions granted or revoked, and resource access requests through the logs. These solutions should also have a way to analyse and pull relevant data. Reporting and logging are crucial to conform to many compliance mandates. For example, during a SOX audit, auditors will want to know what internal controls are in place for access to sensitive data. A good identity governance and administration solution will provide you with reporting tools so you will know who has access to which applications, why they have access, and when their access will be removed.
Self-service & access request
Allows users to request access to the applications they need to do their jobs. This automated process alleviates the manual tasks of granting access to users and eliminates the chance of human error in the access request process.
The ability to create or remove accounts for applications or resources across your organisation based on a user's role. Automation of account creation or deletion is the cornerstone of every identity governance and administration solution.
Manages fine-grained access to applications. This allows your organisation to manage applications down to individual roles such as user, moderator and admin. These tools can grant, remove, and alter access to applications and devices across the organisation based upon the needs of the individual user.
The capability to securely delegate the ability to request, manage and approve access to another person, department and/or office.
What IGA is not
Single sign-on (SSO) and identity governance and administration are meant to be used together. SSO is the way a user authenticates to a resource. The purpose of IGA is not to authenticate users but to authorize them. SSO is used to determine who a user is, while IGA is used to determine whether this user should have access to the resource. When the two are combined, you have a more complete identity and access management (IAM) solution.
Privileged access management
If one privileged account is hacked, the organisation can be at risk. Privileged access management (PAM) is focused on minimising the risk that privileged accounts pose to an organisation. IGA is not a PAM solution but is often used as an effective way to manage who has access to privileged accounts.
Multi-factor authentication (MFA) combines any two of the following methods to strongly authenticate a user: something you know, something you have, something you are.