“But that’s the way we’ve always done it” isn’t much of a defense for the old siloed approach to identity governance and administration that so many organizations continue to rely on. When organizations stop treating identity governance, day-to-day-access management, threat detection, and risk management as separate, siloed activities, and instead allow these disciplines to work together and inform each other, they break through the barriers that can interfere with effective identity governance.
Why Do You Need an Integrated Approach to Identity Governance?
Cloud, mobility and a growing remote workforce are all part of the digital transformation many businesses are undergoing today – but along with the opportunity that transformation creates, there's also risk. Taking a siloed approach to identity governance puts your organization at a disadvantage for managing that risk. It locks you into multiple point solutions that narrowly address individual issues, which makes it more difficult to pivot and adapt rapidly as the user population grows, threats evolve and regulatory pressures increase.
Three Sources of Insights to Transform Your Identity Strategy
Shifting to a more integrated approach to identity governance is part of a larger process of transforming your identity strategy to meet today’s needs. It all starts with applying information and insights from three sources to help break down the silos that get in the way of effective identity governance:
- Identity insights provide context to understand who the user is (an employee? contractor? maybe even an IoT device?), what they can access and why they have that access.
- Threat intelligence from threat detection and response systems shows how access is being used; these systems can also alert the identity team when access appears to be associated with a cyber threat
- Business context includes information from integrated risk management systems to help you understand whether a user’s access poses a business risk to the organization.
Additional context around identity risks and policy violations can also be helpful in improving decision-making throughout the identity lifecycle.
…and One Note of Caution
It’s important to keep informed about new technologies and other innovations that could be helpful as you move toward new, better-integrated ways of approaching identity management in general and identity governance in particular. Just be aware that not every new idea is going to have the staying power to enable long-term, meaningful progress. Take blockchain, for example: It may turn out to be a transformative technology for next-generation identity and access management – but it hasn’t necessarily proven itself in that sense yet. So be cautious. Stay focused on determining the basic steps you can take to integrate access control, threat detection and identity governance and administration – and put your organization on the path to a less-siloed, more effective approach to identity strategy.
To learn more about what RSA is doing to ensure that its own identity governance solution works as part of an integrated identity strategy, check out the webcast “What’s Next for RSA Identity Governance and Lifecycle: Product & Solutions Roadmap Update.”