How to Govern Digital Identities and Access in a DX World

Identity Governance is crucial to a security program. It is also complex. Organizations change constantly. In addition, exposure points are increasing as more sensitive data is stored both on-premises and in the cloud, and employees and other users need to be up and running with access privileges that fit their roles (not more or less), even when they work offsite. Moreover, when responsibilities change or people leave organizations, access must adapt quickly to close new, exploitable security holes. There is also an increasing number of bots, friendly and hostile, that now move within environments. It’s a delicate balance to maintain continuous compliance while making sure the right people get the access they need to the right systems, applications, and data to meet business goals.

 

There is a plethora of technology that, if implemented correctly, can bring automation and standardization to your program to help address the lack of resources and expertise as well as reduce costs. The key is to avoid adopting new tools and technologies that create additional complexity rather than reduce it.

 

Set it and forget it?

 

Recently, the emergence of Identity Governance as-a-Service has helped solve some of these issues and automate the process of governing identities without compromising security or compliance. It enables companies of all sizes to successfully evolve through their Digital Transformation (DX) while reducing the workload of the help desk and IT operations team. Automated policy enforcement helps businesses compete in an increasingly DX-driven world without risking their digital identities and access rights, on- and off-prem. The key goals of Identity Governance as-a-Service are to protect the organization while reducing workload by automating as much as you can, which lowers your risk and the cost of compliance efforts.

 

When evaluating an Identity Governance as-a-Service provider and its offerings, here are some things to keep in mind:

 

  • Experience – Look for an end-to-end security partner – they will better understand how Identity Governance as-a-Service fits into your overall security program and not give you a siloed solution. 
  • Resource Commitments – Does the system require significant software and skillset expertise investments? Be wary of adding to your workload. 
  • Ease-of-use – Non-intuitive interfaces will only add to workloads and frustration levels. Find a comprehensive multi-tenant solution that can be rapidly deployed, allowing users to connect to and use identity governance services from the cloud.  

 

At the same time, look for these features:

 

  • Customization – Match your needs and budget.
  • Access Request – Interfaces and workflows for requesting and approving new access to systems and applications. Self-service access request empowers users to manage their own access. This boosts security through automated and consistent policy enforcement. It also streamlines access request processes and reporting.
  • Provisioning – This streamlines the onboarding of new employees with fast and automated provisioning of new access. Ensure that access can change appropriately as an employee’s role evolves. Also include automated deprovisioning of all access when employees are terminated.
  • Access Certification – Make sure you can review who has access to what (this confirms each user/role can only access the resources needed to perform their job function). This increases security through visibility and allows for periodic automated reviews of who has access to critical applications. It also reduces time and costs by streamlining and simplifying audit processes and reporting.
  • Password Management – Unify and centralize password management across data center, cloud, and mobile resources. Automate password management policies and the unlocking of accounts to systems and applications. This reduces operational costs by decreasing help desk calls for password resets, helps keep employees mobile and productive by minimizing the time they are locked out of accounts, and strengthens security through consistent password policy enforcement. 
  • Separation-of-Duties – This feature helps discover potentially conflicting permissions to reduce the risk of fraud or compliance violations. It allows you to maintain regulatory compliance by creating policies and applying consistent, automated enforcement across the entire organization. Risk is reduced by discovering potential conflicts of interest through automated alerts that recommend remediation actions. It also eases audit compliance by detecting control failures, including security breaches, information theft and circumvention of security controls.
  • Governance Platform – Look for a common framework that centralizes identity data, captures business policy, models roles, and takes a search-based, event-driven, proactive approach to managing users and resources. It should be a single system of record for all things identity – users, applications, and entitlements with an identity warehouse for discovery, aggregation and correlation of identities, access and data. 

 

Optiv’s expert Identity Governance team has more than 12 years of experience in implementing and managing leading Identity Governance solutions and programs. Learn how fully leveraging the cloud can simplify and strengthen your identity governance program while lowering operating costs.

Julie Talbot-Hubbard
Global Vice President and General Manager of Digital Identity and Data Services
Julie is an experienced cybersecurity practitioner, technology executive and former Chief Information Security Officer (CISO). At Optiv, she is responsible for delivering solutions that balance risk, business realities and operational impacts for Identity and Data Management. Prior to Optiv, Julie held executive positions at global finance, education, health care and technology companies. She was nominated for and attended the FBI Executive CISO Academy and is a board member at the Identity Defined Security Alliance.