Although it began as a necessity, organizations have now accepted remote work as a viable long-term arrangement. The shift to a hybrid workforce requiring access to hybrid infrastructure/applications and as-a-Service (aaS) offerings, has spawned critical risks and challenges in Identity Governance and Administration (IGA). These new risks need to be addressed on a war footing with future-proof security and compliance mechanisms. Ensuring secure access, compliance, and data protection for this new IT reality mandates a drastic transformation in IGA strategy and an intelligent, next-gen IGA solution.
GAVS recently conducted a webinar on IGA where industry leaders in the Identity and Access Management (IDAM) space discussed the new realities for hybrid infra models (on-premise, cloud), the implementation challenges, future trends in IGA, and also demonstrated a leading IGA solution. This blog captures some of the key discussion points and takeaways from this webinar on ‘Identity Governance & Administration on Hybrid Infrastructure Models.’ The link to the entire webinar is available at the end of the blog.
The webinar had eminent speakers and leaders from Saviynt Inc. and GAVS Technologies:
Suresh Ramamurthy – VP, India and the Middle East, Global Partnered Organization, Saviynt has 27 years of experience with over 15 years in Cyber Security (Identity and Access Management).
Karthick Rajan is a Solutions Consultant at Saviynt with over 13 years of experience and is currently supporting Saviynt in Identity Governance and Administrative initiatives in the APAC region.
With over 15 years of experience and profound knowledge in Cyber Security, S Sundar is a Senior Technical Manager at GAVS, leading the Digital Identity tower within the organization. The webinar was moderated by Kannan Srinivasan who is one of the heads of the Cyber Security team at GAVS.
Understanding Identify Governance and Administration
As businesses expand, changes such as adding new products or functionality enhancements to existing applications, or infrastructure-related changes like moving to the cloud or upgrading hardware or creating new instances in completely different locations become inevitable. With these changes come administrative challenges such as:
- No structured process to regulate timely access in tune with the org changes
- Manual identify governance which is labor-intensive
- Struggle to meet regulatory compliance
- No overall view of risks and security gaps
- Inability to track non-employee identities such as for contractors, temporary resources
In such business scenarios, inefficient processes to keep track of access-related changes can lead to security compromise, that could in turn cause major data breaches and resulting losses, penalties. This is where IGA plays a key role. IGA refers to the centralized management of access controls and identity management practices to meet regulatory and industry standards. IGA is established to effectively streamline provisioning of access based on the roles of the team members designed specifically for that organization. With effective IGA, an organization can stay on top of dynamic changes, have complete control over and visibility of all access and entitlement, to make informed decisions. Simply put, it ensures the right people get the right access for the right reason and at the right time. However, Gartner estimates that 50% of organizations that implement IGA face various issues due to lack of business prioritization, overambitious scoping, lack of clarity in vision, treating IGA as a one-time project, etc. So to succeed, IGA needs to go beyond being considered a technical project to being adopted as part of business strategy. And, needless to say, the right IGA solution deployed the right way in alignment with organizational needs is imperative.
IGA Implementation Challenges in a Hybrid Model
Organizations making the shift to the cloud must fully consider the security implications of these infrastructure changes. This shift in strategy has disrupted the identity governance and access management priorities within companies raising several implementation challenges such as:
- Security – Data encryption, Multi-Factor Authentication (MFA), third party complaints, password protection
- Customization – Customization for legacy and in-house applications, customization and branding per customer requirements, customization in multi-tenant environments
- Provisioning – Implementing provisioning for in-house applications, integration of disconnected applications, multiple user directories and admins
- Compatibility – Between on-premise, cloud, and multi-tenant cloud assets
- Compliance and Governance – Implementation of Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC) in hybrid models, implementation of Segregation of Duties (SoD) and policies, audit and access review implementations
Role of IGA in Hybrid IT model
In a hybrid model, there is the need for a highly functional and capable solution that can manage the life cycle of each user within the enterprise with regards to the access he or she has got and the changes to these access privileges as this person changes roles or moves within the enterprise, and timely removal of orphan accounts in case of employment termination. The hybrid model is disrupting what were once routine processes in traditional organizational set-ups. Gartner forecasts that in 2022, 12.5% of the total enterprise IT spending in EMEA will be towards the cloud. This massive move towards hybrid infrastructure across the globe has fueled and will continue to fuel IGA momentum.
To understand the role of IGA in a hybrid IT model, we will use the example of the Saviynt Enterprise Identity cloud. The single platform acts as an intelligent identity warehouse offering 360-degree visibility by connecting all applications and workloads of any kind – in the cloud or on-premise through operating system databases. With the established connection, all account information, entitlement information, audit logs, activity logs can be stored in that single warehouse that can be used to correlate for better visibility. This centralized approach that offers unhindered visibility to the IT landscape and the related access/privileges, is foundational to any effective IGA solution. This offering also has other features such as
- Identity Governance and Administration
- Privileged Access Management
- Application Access Governance
- Third-party Access and Risk Management
- Data Access Governance
With rich expertise, extensive experience, and industry partnerships in the cyber security and data protection space, GAVS caters to the full suite of organizational cyber security and data privacy needs – assessment/advisory, operations, and/or strategy – and can help you overcome your most critical issues to establish a robustly secure enterprise.
For more on these services, please visit https://www.gavstech.com/service/security-services/ and https://www.gavstech.com/service/data-privacy-services/.
This blog offers only a high-level gist of the webinar. You can watch the entire discussion, including the poll questions and the experts’ answers to audience questions here.
GAVS periodically organizes insightful webinars with GAVS’ tech leaders, the leadership team, and industry thought leaders to explore current and emerging trends. To watch all of our webinar and event recordings, please visit https://www.gavstech.com/videos/.
