1 Introduction
Identity data continues to grow in importance as organizations seek to bolster their corporate cybersecurity. Access to identity information is not enough on its own; the currency of that data matters too. Directory updates on a nightly basis are no longer satisfactory; connectors that maintain data in real time are now expected. Increasingly, a simple interface to enterprise applications is not enough either: the ‘identity fabric’ within an organization must support authorization servers, network analyzers, AI bots and, in some cases, IoT platforms.
As the IT environment becomes more complex, so does the identity management task. Supporting hybrid environments, in which cloud-based resources require access to identity data, is more difficult than supporting on-premise resources, because identity data that leaves the corporate network carries a higher risk profile. Regulation adds another layer of complexity, with many jurisdictions placing sovereignty restrictions on where identity data can be stored.
An identity fabric must accommodate all of these requirements and adhere to the contemporary technology architecture adopted by an organization. It is no longer acceptable for the IAM infrastructure to populate an on-premise enterprise directory and expect relying applications to use it. Contemporary technology includes IDaaS, hybrid cloud environments, RESTful APIs, DevOps environments, IoT platforms and so on. This means core IAM facilities must be extended so that the identity fabric provides real-time identity data to every enterprise resource that requires it.
Core IAM facilities include the identity provisioning and governance tools expected in any identity management environment: on-boarding of staff, whether employees or contractors; setting of entitlements, typically via an approval process; de-provisioning of users when they leave the organization; and a governance process that allows entitlements to be validated and audited. The umbrella term for this functionality is identity governance and administration (IGA).
The other functionality expected of an IAM solution is the access control it enables, and this too is evolving rapidly. In the past, access control logic within an application issued an LDAP query to an identity data store. Contemporary requirements include SAML support for cloud-based applications, SCIM interfaces so that external services such as authorization servers can be provisioned with identity data, HTTP interfaces to token-based authentication servers, and credential storage to support MFA requirements.
But contemporary identity fabrics must go further: increasingly, identity analytics must be provided. To the degree possible, automation should reduce the manual intervention typically needed to provision user accounts and recertify entitlements. A modern IAM environment should include an analytics facility that monitors users’ entitlements to ensure they are correct, with any deviation from the entitlements expected for a user’s role flagged for review. Certification campaigns will no longer absorb much of a manager’s time; the IAM environment will automate the core attestation tasks.
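The entitlement monitoring described above can be illustrated with a peer-group check: derive the expected entitlement set for each role from what most of its members hold, then flag users who deviate. The following is an added example written for this edit; it is not SailPoint's code nor code from the report. The user records, the role names and the 75% peer threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample records (not taken from the report): one row per user, with the
# role assigned by the IGA system and the entitlements actually found on target systems.
USERS = [
    {"id": "alice", "role": "finance_analyst", "entitlements": {"erp.read", "erp.report", "vpn"}},
    {"id": "bob",   "role": "finance_analyst", "entitlements": {"erp.read", "erp.report", "vpn"}},
    {"id": "carol", "role": "finance_analyst", "entitlements": {"erp.read", "erp.report", "vpn", "erp.approve_payment"}},
    {"id": "dave",  "role": "finance_analyst", "entitlements": {"erp.read", "vpn"}},
    {"id": "erin",  "role": "helpdesk", "entitlements": {"ad.reset_password", "ticketing.agent"}},
    {"id": "frank", "role": "helpdesk", "entitlements": {"ad.reset_password", "ticketing.agent", "ad.domain_admin"}},
    {"id": "grace", "role": "helpdesk", "entitlements": {"ad.reset_password", "ticketing.agent"}},
    {"id": "heidi", "role": "dba",      "entitlements": {"db.admin"}},
]


def role_baselines(users, threshold=0.75, min_members=2):
    """Derive the expected entitlement set per role from the role's members.

    An entitlement is 'expected' for a role when at least `threshold` of the
    role's members hold it (threshold is an assumed tuning value). Roles with
    fewer than `min_members` members get no baseline: a lone member would
    define its own norm and could never be flagged.
    """
    members = defaultdict(list)
    for user in users:
        members[user["role"]].append(user)
    baselines = {}
    for role, group in members.items():
        if len(group) < min_members:
            continue
        counts = Counter(e for user in group for e in user["entitlements"])
        baselines[role] = {e for e, n in counts.items() if n / len(group) >= threshold}
    return baselines


def find_exceptions(users, threshold=0.75, min_members=2):
    """Return review items for users whose entitlements deviate from their role baseline.

    'extra' entitlements are the over-privilege cases a reviewer cares about most;
    'missing' ones usually indicate role drift or a failed provisioning step.
    Users in roles with no baseline are surfaced as well, so that a role with a
    single member is not silently exempt from review.
    """
    baselines = role_baselines(users, threshold, min_members)
    items = []
    for user in users:
        expected = baselines.get(user["role"])
        if expected is None:
            items.append({"id": user["id"], "role": user["role"], "reason": "no_peer_baseline",
                          "extra": sorted(user["entitlements"]), "missing": []})
            continue
        extra = user["entitlements"] - expected
        missing = expected - user["entitlements"]
        if extra or missing:
            items.append({"id": user["id"], "role": user["role"], "reason": "peer_deviation",
                          "extra": sorted(extra), "missing": sorted(missing)})
    return items


if __name__ == "__main__":
    for item in find_exceptions(USERS):
        print(item)
```

On the sample data, carol is flagged for holding erp.approve_payment that no other finance analyst has, frank for the ad.domain_admin entitlement that is not part of the helpdesk baseline, dave for a missing erp.report, and heidi because a one-member role cannot be baselined against peers. In practice the entitlement feed would come from the connectors described earlier, and the threshold would be tuned per role to keep the review queue short without hiding single-user privilege grants.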
SailPoint has been a major purveyor of IGA functionality for many years. The company was an early proponent of business-focused identity governance, providing greater visibility and transparency into identity management within an enterprise. It is now extending the functionality provided by IdentityIQ to deliver the consistency and repeatability required by the modern enterprise, which relies on its identity fabric to support the organization’s business operations. SailPoint has leveraged the AI technology of Orkus and the cross-environment monitoring capability of OverWatchID, both companies acquired in 2019, to provide a sophisticated IAM solution for the modern enterprise.