In this article, Appmore interviewed Samu Harrinvirta (Head of Solution Advisory at Intragen). Intragen enables organizations to secure their data using a range of identity-first security solutions, implemented by their specialist team of Identity and Access Management consultants. Samu has over 20 years of experience working in IT security.
Great to have you here Samu. Let’s start with the first question, what is Identity Governance and Administration (IGA) all about?
Identity Governance and Administration (IGA) is comprised of two parts: identity management and access governance. Identity Management concerns the lifecycle management of users and identities and what they can access. Access Governance is more about checking that the right people have access to the right things to do their job, and this involves recertification, auditing, reporting and analysis for risk and compliance.
In your experience, what do customers expect from Identity Governance and Administration (IGA) solutions?
Customers expect an identity governance solution to cover core functions such as identity lifecycle, access request and certification, policy and role management, and auditing etc. One of the biggest challenges when it comes to IGA is its deployment, as a lot of organizations lack the skills to do this in-house. Therefore, I think customers are always looking for solutions that are easy to deploy and easy to manage going forward, with an intuitive interface for the best possible user experience. Today customers typically want consumer-like ease of use for IGA processes that are often enabled by cloud services as on the consumer side as well. Also, additional capabilities such as license management are discussed more often as the products have matured in this sense.
How did the identity management market develop during 2021?
When Covid first started, a lot of identity management projects were pushed back. This has led to the challenge of development debt – a backlog of projects requiring more resources than what is available. Secondly, the shift to remote work has accelerated the shift to the Cloud because everyone started needing access from anywhere. In addition to that, smaller organizations are becoming interested in improving IGA due to the increase in data breaches during the pandemic.
What have been the typical drivers for customers to improve identity governance in 2021?
Organizations are different and so are the drivers. We have seen four typical drivers
- Cyber threats have increased a lot in recent years, and we see companies investing more in security than five years ago. Remote working, as well as a continued emphasis on regulatory compliance, such as GDPR, have contributed to this. The actual driver, in this case, is to mitigate security risks that could have a major financial and reputational impact.
- Employees are expecting a similar experience as a consumer – expectations and demands are increasing as technology advances to eliminate user experience friction. For identity governance, this means an expectation for all requests and approvals taking place in a single, easy-to-use portal that’s accessible anywhere at any time.
- Modernization of HR – many organizations are in the process of upgrading their HR systems. User account management processes require automation and changes to connect to the new HR. IGA facilitates and automates the process of connecting the HR system to the target system without the need for manual back-and-forth actions.
- Technological barriers – legacy identity management (IDM) solutions implemented ten years ago or even earlier do not have critical access governance capabilities. Now we have “real” IGA solutions that combine IDM with Access Governance, it has become fundamental to future-proof the IT landscape. Given that most applications are already cloud-based, this is a key driver for organisations to also move their identities and IGA to the Cloud.
What do you see as restraints for customers when it comes to improving identity governance?
Traditionally IDM or IGA have had their own self-service portal. IT departments also have a self-service portal for ticketing and ITSM, meaning there are two different self-service portals for end-users. This has an impact on both user experience and productivity.
What do you see as the solution to this?
Some IGA tools have integration between major ITSM tools so that users only have a self-service portal, but none of these are perfect as they often require costly customizations or maintenance. Alternatively, certain ITSM tools have their own IGA solutions, such as ServiceNow, which removes the need for integration and maintenance.
What kind of trends do you see in the market that the customers should prepare for 2022?
As previously mentioned, we’re seeing regulatory compliance as a key driver for fortifying security measures. The EU’s data protection authorities (DPAs) issue fines for non-compliance and there have been a growing number of instances more recently. In 2021, the DPA from Luxembourg (CNPD) fined Amazon Europe Core S.a.r.l. €746,000,000 for failing to process personal data in compliance with the GDPR. The increased awareness of penalties like these is driving demand for solutions that facilitate compliance.
We also expect identity-first security investments to grow as new cyber threats emerge and evolve. Identity governance solutions play a major role in strengthening an organization’s security posture, so I think a trend we’re likely to see is IT leaders opting for full-featured IGA technology to deliver all capabilities.
Thank you, Samu for the interview, any final words for our audience?
Thank you for the opportunity to share my thoughts. For the readers, if you found this article of interest, do not hesitate to contact me, or visit https://resources.intragen.com/servicenow-iga to read more about identity governance.