Providing the right people with the right access at the right time is critical in any organizational environment, irrespective of its size. In this age of explosive growth in network communications, increasing collaboration and policies like BYOD it is challenging for enterprises to determine who all have access to what resources and what they are doing with their access. A comprehensive governance control is essential to reduce the risks relating to unauthorized access, mishandling of sensitive data which can take a toll on the reputation of the organization. It is also critical to comply with governance regulations that mandate access controls.
Traditional IAM (Identity and Access Management) is focused on access management, provisioning and de-provisioning related compliance. Enterprise still struggled to meet compliance, since this is not an all-inclusive solution. It focusses more on automation of the user life cycle. Traditional IAM implementations are IT driven rather than business driven. Provisioning driven approach rarely achieve expected business value. Traditional IAM is not involved in user access review or periodic user access certification. The classic example is a user requested and granted accesses for a critical application for a temporary time period, in this aspect zero visibility on unwanted access and its usage. Governance driven IAG gives you real-time visibility into access changes.
Historically, IAM systems are used in IT organizations for managing the life cycle of user accounts in multiple systems. These systems are connected to user directories to get the user for their authentication and basic profiles such as name, title, department etc. With this information, IAM can tell who the user is, but it cannot give you information about a user’s entitlements- which is key to an application as it will decide what each user can do with application and data. The challenge with provisioning driven approach is – for e.g if a user request and get access for a CRM application. If the access is controlled using a group or entitlement, traditional IAM will provision the user to entitlement, but it doesn’t provide the visibility to what the user exactly can do in CRM using this entitlement.
IAG (Identity and Access Governance) systems help business people to determine what a user can do within an application. It collects information about user identities, entitlements and roles from all applications. In addition, IAG will provide more visibility of an entitlement in applications and it will present information about each entitlement in a business context rather than technical context. This will help business managers to understand the entitlements that the users request for and this will enhance the compliance to applications.
Governance driven IAG is more concentrated on a risk driven approach. Also it is more focused on entitlement management and this can provide a more granular level of visibility of user access. This approach will enable periodic user access review and certification of user access. Governance driven IAG focusses more on the fast integration of applications across multiple platforms and provide more visibility of user access. This model ensures appropriate access for all users and ,\ automate user access review process and also simplifies the provisioning and de-provisioning problem.
In today’s complex IT landscape where solutions are dependent on multiple heterogeneous platforms and enterprise applications extend their presence into mobile and cloud space, tighter regulatory controls are required to protect the enterprise data from unauthorized access. Governance driven Identity and Access management allow organizations to review, audit and enforce policies for fine-grained access privileges across the IT environment. It can also bring in end-to-end visibility and control across all critical systems and applications – a breadth of coverage that is more efficient and reliable than traditional IAM solutions.
Jagadeesh is a former Happiest Mind and this content was created and published during his tenure.