CIOReview
DECEMBER 2019

BUILDING A SUCCESSFUL IDENTITY GOVERNANCE & ADMINISTRATION (IGA) FRAMEWORK

By Partha Chakraborty, Director - Infrastructure Security Architecture, IS Strategy, Architecture & Innovation, Bank of Montreal

Why do we need IGA?

Today every industry is going through massive digital transformation initiatives to provide faster, better and cheaper services to its customers. Significant progress in development technologies like APIs and microservices, agile hosting services like cloud, and high-speed mobility solutions is propelling the adoption of digital initiatives around the world. With cloud and mobile enablement, the traditional perimeter is diminishing at a fast pace, so it has become even more important to look at the security aspects of applications. Managing identities and their access to applications with full granular visibility is crucial for security teams. Managing the provisioning and deprovisioning of access across an enterprise's employees, customers and partners is a complex task. Identity governance and administration (IGA) solutions form the backbone of a solid security foundation in today's agile organizations.

IGA Components & Market Forecast

It is important to understand what functions are expected of an IGA solution. Access provisioning, deprovisioning, entitlements management, ensuring separation of duty, access reviews & certifications, identity lifecycle management, and analytics & reporting are some of the common themes across the vendors playing in this segment. According to a recent report published by the research firm Marketsandmarkets.com, the IGA market is projected to grow up to $7.7B by 2023. Clearly there is focus and interest in this segment from the security industry, driven by risk & compliance needs.
Focus areas of a successful IGA implementation: is it a technology or business problem to solve?

Organizations often spend more time selecting a technically feature-rich product to implement IGA, whereas the success of the program lies in the proper integration of technology with the business processes. If an organization does not have the right processes and governance in place in its HR or Finance departments to identify and track an employee on their journey through the organization, a technology solution alone will not be able to enforce proper identity governance. There are organizations where voluntarily or involuntarily terminated employees maintain access to corporate systems for an extended duration of time, and where vendor partners retain system access after the closure of the contract. These loopholes in identity and access governance lead to security incidents and data breaches. The following are the focus areas for security teams to implement a solid identity governance program.