1 Introduction
In the age of digital transformation, not only the requirements for IT but also the way IT is done, are continually evolving. To remain relevant, organizations must reinvent themselves by being agile and more innovative. Emerging technology initiatives such as the digital workplace, DevOps, security automation, the Internet of Things, and RPA/Botscontinue to expand the attack surface for organizations as well as introduce new digital risks. To stay competitive and compliant, organizations must actively seek new ways of assessing and managing security risks without disrupting the business. Security leaders, therefore, have an urgent need to constantly improve upon the security posture of the organization by identifying and implementing appropriate controls to prevent such threats.
IGA concerns the capabilities in the IAM market that broadly deal with end-to-end identity life-cycle management, access entitlements, workflow and policy management, role management, access certification, SOD risk analysis, reporting, and access intelligence. As IGA becomes a vital security risk and management discipline, directly impacting the security posture of any organization, a lack of basic IGA capabilities can leave organizations exposed to risks originating from inefficient administration of identities and access entitlements, poor role management, and a lack of adequate auditing and reporting. These risks range from identity thefts to unapproved and unauthorized changes, access creeps, role bloating, delays in access fulfillment, orphan roles and accounts, SOD conflicts leading to occupational and other internal frauds. Several incidents in recent past have emphasized the need to have better IGA controls for organizations of all sizes across all industry verticals.
IGA also refers to the increasingly integrated Identity Provisioning and Access Governance markets. Where Identity Provisioning focuses on tasks related to administering access fulfillment and entitlements throughout an identity life-cycle, Access Governance provides necessary (mostly self-service, as well as delegated administration) tools for business to manage workflows and access entitlements, run reports, access certification campaigns and SOD checks. Access intelligence is the analytics layer over Identity Provisioning and Access Governance that offers business-related insights to support effective decision making and potentially enhance governance.
Privileged Access Management (PAM), over the past few years, has become one of the most relevant areas of Cyber Security associated with IAM (Identity and Access Management) that deals with identifying, securing and managing privileged credentials and the resulting access across an Organization’s IT environment. Once considered a technology option for optimizing administrative efficiency by managing passwords and other secrets, PAM has evolved into a set of crucial technologies for preventing security breaches and credential thefts. PAM today concerns Security and Risk Management leaders as well as Infrastructure and Operation (I&O) leaders across the industries for many security and operational benefits. Emerging PAM challenges related to SaaS and IaaS environments include privleged access to interfaces such as APIs, DevOps tools, App Consoles, Workloads, etc. Future tends may show a convergence of IGA and PAM in market as seen by IGA vendors partnering more with PAM vendors, or building PAM capbailities directly into their IGA solutions, although PAM capabilities in these instances may be limited.
Founded in 2010, Saviynt is a privately held company headquartered in Los Angeles, CA, with offices in the US, UK, and India. Saviynt provides Identity and Access Governance and Cloud Security solutions in a single platform with add-on modules to secure on-prem and cloud-based applications, data, and infrastructure. The Saviynt Security Manager for Enterprise IGA platform combines advanced analytics and intelligence with fine-grained, role, entitlement, and privileged access management. Saviynt’s customers are worldwide, including companies in the finance, banking, insurance, healthcare, and the oil & gas industries, to name a few.