Welcome to the introductory post in our “Meaningful Outcomes” series on Identity Governance and Administration (IGA).
If you are here and reading this, you probably do not need an introduction to IGA. On the other hand, you are likely curious what we have to say about improving outcomes and results in your IGA initiative(s). It’s no secret that IGA initiatives fall short in many organizations. I discussed some background in the lead-in post over at LinkedIn.
I look forward to discussing our thoughts on delivering meaningful outcomes in IGA programs, in a series of posts over the coming weeks.
For now, I’ll provide a set of key statements, each of which I’ll explore in details over the series of upcoming posts.
- Data quality is an afterthought and the IGA solutions can’t help much. Nothing is perhaps a more foundational prerequisite to a IGA program than the quality and completeness of identities and their accounts/entitlements data. IGA products and programs often fall short in their capabilities and execution.
- Times have changed in security/privacy risk management but IGA solutions haven’t kept pace. Effective and sustainable compliance and security/privacy risk management today require different approaches than they did 12 years ago when much of today’s features and approaches in IGA were founded.
- Not focusing enough on your strengths and trying to solve a problem that’s best delivered by other security solution(s). IGA solutions’ strengths lie in governance, enforcement, maintenance of identities and their access to various systems. Their foremost value in risk management could well be in providing identity-entitlements context to other solutions in a security program. Most IGA programs don’t deliver or focus nearly enough on this objective.
- Implementing IGA solutions with IGA-only specialists. Use of broader security-privacy expertise (in addition to IGA specialists) as a core part of IGA project teams is critical to the success of a IGA implementation and program. This is important throughout the implementation cycle and especially during the strategy, requirements gathering and design phases.
In my view and experience, these are among some of the common issues that lead to underperforming IGA initiatives. I look forward to discussing each of these in details in the upcoming posts and providing specific suggestions or recommendations.