1 Introduction
IAM (Identity and Access Management) is fundamental to protecting corporate digital assets. In most cases, a perimeter which secures the internal network from external threats no longer exists. At the same time, the value and relevance of digital corporate assets and intellectual property have increased. These factors make good IAM a core element of digital security. IGA (Identity Governance and Administration) includes two core elements of IAM, Identity Provisioning and Access Governance, that are essential to enabling and securing digital transformation.
Digital transformation has enabled organizations to become more effective and more efficient by enabling them to develop new products and ways of working. It has also increased the importance of digital assets to the business and the impact on the business were these assets to be compromised. Even in more traditional areas such as manufacturing, digital assets have become business critical through the use of connected machinery and processes as well as smart logistics.
Organizations now face many challenges to their digital security. The increased connectivity needed to support mobile employees, to integrate business partners into internal processes and to get closer to their customers has increased digital risks. The use of cloud services and the increasingly hybrid nature of the IT service delivery model have increased the level of governance needed to ensure compliance with regulations and the corporate security posture.
Protecting these digital assets, systems, and applications in this complex hybrid IT environment, while facing ever-increasing attacks, requires organizations to act. Protecting against both internal and external cyber threats requires a well-thought-out understanding of risks and countermeasures.
IAM is one of the core elements of every infrastructure. When IAM is done right, it ensures that identities, together with their user accounts, passwords, and access entitlements, are well-managed. In this way, IAM helps to reduce the attack surface through the principle of “least privilege”. IAM reduces these risks by automating the processes for managing users and access entitlements, as well as for auditing to identify excessive risk.
At the same time, IAM also plays a vital role in business enablement by ensuring that employees, contractors, business partners, and customers can access the applications, systems, and data that they need. IAM provides the tools behind the workflows and automated processes for onboarding users and granting them the access they need to be productive. When done correctly, IAM not only optimizes the onboarding and change processes, but also ensures that entitlements are revoked and accounts are deleted or deactivated when they are no longer required.
Identity Governance and Administration, or what is sometimes described as “core IAM”, comes under the wider definition of IAM, which includes additional capabilities such as Privilege Management, Web Access Management, Identity Federation, and more.
IGA includes two core elements: Identity Provisioning and Access Governance. Identity Provisioning supports automating the processes for creating and managing user accounts and their high-level entitlements across the variety of systems and applications in use, while Access Governance adds the capabilities needed to analyse entitlements, conduct regular reviews and recertification of access rights, and provide efficient access request workflows.
These core capabilities of Identity Provisioning and Access Governance are frequently available in combined products or in suites with a good level of integration between the various technical components. The Access Governance element is essential to support cooperation between business and IT. Business requests and approves the relevant access, which must be mapped to technical entitlements. This is a complex interface that also covers the ongoing management and reviews of entitlements, as well as supporting controls to prevent and identify high-risk combinations of entitlements through, for example, Segregation of Duties controls.
Having an infrastructure for Identity Provisioning and Access Governance in place is the cornerstone for successfully managing identities, their accounts, and their entitlements across the heterogeneous and increasingly hybrid IT infrastructure of organizations. Enabling and protecting the Digital Transformation requires IGA.