1 Introduction
In the age of digital transformation, both the requirements for IT and the way IT is done are continually evolving. To remain relevant, organizations must reinvent themselves by being agile and more innovative. Emerging technology initiatives such as the digital workplace, DevOps, security automation, and the Internet of Things continue to expand the attack surface for organizations as well as introduce new digital risks. To stay competitive and compliant, organizations must actively seek new ways of assessing and managing security risks without disrupting the business. Security leaders, therefore, have an urgent need to constantly improve the security posture of the organization by identifying and implementing appropriate controls to prevent such threats.
Identity Governance and Administration (IGA) concerns the capabilities in the IAM (Identity and Access Management) market that broadly deal with end-to-end identity life-cycle management, access entitlements, workflow and policy management, role management, access certification, segregation of duties (SOD) risk analysis, reporting, and access intelligence. A self-service user interface allows for requesting access, profile management, password reset, and synchronization. Configurable connectors, either cloud-native or based on gateways back to on-premises environments, offer automated user provisioning to both on-premises and SaaS applications.
As IGA becomes a vital security risk and management discipline directly impacting the security posture of any organization, a lack of basic IGA capabilities can leave organizations exposed to risks originating from inefficient administration of identities and access entitlements, poor role management, and a lack of adequate auditing and reporting. These risks range from identity theft to unapproved and unauthorized changes, access creep, role bloat, delays in access fulfillment, orphaned roles and accounts, and SOD conflicts leading to occupational and other internal fraud. Several incidents in the recent past have emphasized the need for better IGA controls in organizations of all sizes across all industry verticals.
IGA also refers to the increasingly integrated Identity Provisioning and Access Governance markets. Where Identity Provisioning focuses on tasks related to administering access fulfillment and entitlements throughout an identity life-cycle, Access Governance provides the necessary (mostly self-service) tools for the business to manage workflows and access entitlements and to run reports, access certification campaigns, and SOD checks. Access intelligence is the analytics layer over Identity Provisioning and Access Governance that offers business-related insights to support effective decision making and potentially enhance governance.
In recent years, Privileged Access Management (PAM) has increasingly become associated with IAM. PAM has evolved into a set of technologies used to prevent security breaches and credential theft by identifying, securing, and managing privileged credentials and the resulting access across an organization’s IT environment. Future trends may show a convergence of IGA and PAM in the market, as seen in IGA vendors partnering more with PAM vendors or building PAM capabilities directly into their IGA solutions, although PAM capabilities in these instances may be limited.