Old vs. Modern Identity Governance and Administration (IGA) solution

What IGA is all about?

As the term IGA might not be familiar to all our readers, let’s start by explaining what IGA is all about. Identity Governance & Administration (IGA)  is a framework of policies and technologies for ensuring that the proper people in a corporation have the appropriate access to technology resources. Outside Cybersecurity teams, IAM, IGA, and IdM are used to describe the same processes – management of employee and external identities.  Having identity management done correctly you can save costs, enhance your security, enable employees to be more efficient and happier as well as help you pass audits related to identities and accesses.

Identity Governance and Administration includes the following activities:

  • When a person joins an organization, provide accounts and access efficiently and in a secure manner
  • Segregate duties to ensure compliance with regulations
  • When a person moves to new position update accounts and accesses them efficiently and in a secure manner
  • Reconcile account and access data to enable a single source of truth for the identity-related account and access rights
  • Recertify that active accounts and access rights are still valid
  • When a person leaves the organization ensure that all accounts are inactive and accesses removed

How IGA has been deployed in the past and what have been the main challenges?

In the early 2000’s Identity management systems included their own portal, access approvals, and automatic or manual provisioning capabilities. IT Service Management and IdM were deployed in separate platforms. This is cumbersome and inefficient for the end user and also for the administrators as they had to learn and use many different user interfaces.

Typical IGA solutions today

Nowadays we see companies having two typical IGA solution approaches. One that reminds me of the famous spaghetti architecture and another one that could be named “bury your head in the ITSM sand”.

Spaghetti architecture

In the spaghetti architecture, IGA tool is closely integrated with the ITSM tool. The benefit of this approach is that the organization can use modern IGA tool with proper self-service portal capabilities for the end user and provide some visibility for the Service Desk to IGA also.

The downside of this approach is that there are several integrations for example to transfer metadata, approval information, user account information user access information, provisioning information, etc. From ITSM as well as IGA perspective this is a custom solution which means it requires a lot of implementation and maintenance work. Also, it is not widely tested from a security perspective and is typically not documented as well as the standard capabilities.

“Bury your head in the ITSM sand” architecture

In this architectural approach, ITSM requests are used to manage account and access requests. IGA capabilities are built as a custom solution to the ITSM platform. From ITSM’s perspective this is an easy, but  very risky approach. Typically important capabilities such as Segregation of Duties, HR integrations, and access review capabilities are missing due to a lack of knowledge or budget. Also extending this kind of architecture over the years requires a lot of work. 


What You should require from IGA solution today?

Organizations should expect service providers to deliver standard IGA applications on the Service Management Platform.  The organization would benefit from one standard service portal that makes the life of the end users easy, one approval engine so that managers do not need to change the system whether they are approving user accounts or laptops, and one task management list so that Service Desk and other IT-specialists can see all the work in one queue in the service management platform.

This approach does not require integrations with 3rd party IGA applications, which saves time and effort for the organization.

A modern Service Management platform is a future-proof option for IGA processes due to the size and delivery capability of organizations such as ServiceNow and Atlassian. Atlassian recently purchased for example Percept.AI for virtual agent technology whereas ServiceNow purchased RPA vendor Intellibot. These are capabilities that also benefit the IGA applications run on the service management technology. Learn more from the buttons below.

DE