Providing the right people with the
right access at the right time is critical in any organizational
environment, irrespective of its size. In this age of explosive growth
in network communications, increasing collaboration and policies like
BYOD, it is challenging for enterprises to determine who has access
to what resources and what they are doing with that access.
Comprehensive governance control is essential to reduce the risks of
unauthorized access and mishandling of sensitive data, which can
take a toll on the reputation of the organization. It is also critical
to comply with governance regulations that mandate access controls.
Traditional IAM (Identity and Access Management)
is focused on access management and on provisioning and de-provisioning
related compliance. Enterprises still struggle to meet compliance, since
it is not an all-inclusive solution. It focuses more on automation
of the user life cycle. Traditional IAM implementations are IT-driven
rather than business-driven. A provisioning-driven approach rarely achieves
the expected business value. Traditional IAM is not involved in user access
review or periodic user access certification. The classic example is a
user who requests and is granted access to a critical application for a
temporary time period: in this case there is zero visibility into unwanted
access and its usage. Governance-driven IAG gives you real-time visibility
into access changes.
Historically, IAM
systems have been used in IT organizations for managing the life cycle of
user accounts in multiple systems. These systems are connected to user
directories to obtain users' authentication data and basic profiles
such as name, title and department. With this information, IAM can tell
who the user is, but it cannot give you information about a user’s
entitlements, which are key to an application because they decide what each
user can do with the application and its data. The challenge with the
provisioning-driven approach shows up when, for example, a user requests
and gets access to a CRM application. If the access is controlled using a group
or entitlement, traditional IAM will provision the user to the entitlement,
but it doesn’t provide visibility into what exactly the user can do in the
CRM using this entitlement.
IAG (Identity and Access Governance)
systems help business people to determine what a user can do within an
application. They collect information about user identities, entitlements
and roles from all applications. In addition, IAG provides more
visibility into each entitlement in applications and presents
information about each entitlement in a business context rather than a
technical context. This helps business managers to understand the
entitlements that users request, and this will enhance
compliance for applications.
Governance-driven IAG is more
concentrated on a risk-driven approach. It is also more focused on
entitlement management, which can provide a more granular level of
visibility into user access. This approach enables periodic user
access review and certification of user access. Governance-driven IAG
focuses more on the fast integration of applications across multiple
platforms and provides more visibility into user access. This model ensures
appropriate access for all users, automates the user access review
process and also simplifies the provisioning and de-provisioning
problem.
In today’s complex IT landscape, where
solutions are dependent on multiple heterogeneous platforms and
enterprise applications extend their presence into the mobile and cloud
space, tighter regulatory controls are required to protect
enterprise data from unauthorized access. Governance-driven Identity and
Access Management allows organizations to review, audit and enforce
policies for fine-grained access privileges
across the IT environment. It can also bring in end-to-end visibility
and control across all critical systems and applications – a breadth of
coverage that is more efficient and reliable than traditional IAM solutions.