Modern IGA is trending! It has all valid reasons around it for having an edge over the Traditional IGA. If you’ve been looking into this, before deciding whether you need Modern IGA or if it is time to upgrade Traditional IGA solution to next level, it is very important to understand to ponder on below points:
- What your organization/customer needs?
- What this Modern IGA offers which Traditional IGA doesn’t?
- Do you really need it?
So, to answer these three critical issues, let’s start with its history and basics.
History and Basics of IGA
IGA stands for Identity Governance and Administration. This term was coined by Gartner in late 2012, and in 2013 Gartner released its first magic quadrant for IGA. IGA is a solution and not a product. It is a recommended core component of any organization’s IAM infrastructure, which is based on a deeper integration of Identity Lifecycle Management and Identity Governance. The need for Identity Governance and Administration solutions emerged alongside stringent data regulations such as the Sarbanes-Oxley Act(SOX) and the Health Insurance Portability and Accountability Act (HIPAA), which required improved transparency and data management.
This IGA Solution helps you to:
- Shift the decision level controls to business.
- Reduce the operational costs through automation.
- Increase the security over access and controls, through a deeper identification mechanism.
- Improve your organization’s compliance.
Having said that, it is equally important to understand organization’s strategy and objectives around Cybersecurity and IAM before taking about it.
Categorize Your Organization and Customer Needs Specific to IAM!
Every customer has their unique IAM requirement depending on the nature of business they do. In perspective to security, you will always find three types of organizations and customers:
- Those who have been hacked, understand the complete pain and working on curative actions to minimize or reduce the risk surface to acceptable limits.
- Those who haven’t faced any such activity yet, but are cautious, intelligent, and proactive to take preventative actions to stay away from these painful consequences.
- Those who don’t know anything about it and curious to hear about what to do.
But, irrespective of what type they fall under, it is very important to understand which category their requirements lie. OCM (Organization’s Capability and Maturity) graph will help you to identify this need and further allow you to categorize customers under various categories. There are various tools and techniques which could help you to gather your organization/customer requirements. This includes:
- Identify the IAM Journey Stakeholders and IAM buyer-personas.
- Conduct interviews with these identified executives.
- Send questionnaire and conduct surveys in wider/closed groups (as suggested by the business).
- Proactively create of requirement documents (based on your deep tech relations with organization/customers) and validate that with the various stakeholders.
Once you are done with this analysis, it is very easy to map your organization or customers from an IAM maturity perspectives. These categories are Novice, Basic, Intermediate, Advanced, Innovators, and Innovators & Fully Matured.
And, once you have identified the category, it becomes very easy to suggest which level of IAM Security engine they need. Now, if your analysis highlights that the existing organization is above basic category and their roadmap aligns to identity-centric security, it is highly recommended and certainly a right time to get aligned to the journey of IGA and start working intelligently over the Identity Foundation. In IGA, you will find two varieties in the market, one is the very lightweight and Traditional IGA and second is Modern IGA.
So, it is very important to understand the practical details of Modern and Traditional IGA.
Modern IGA vs Traditional IGA
Modern IGA refers to a set of practices, processes, and technologies used to manage and secure digital identities within an organization. It includes the management of access control, user permissions, and user provisioning.
Modern IGA solutions are designed to address the challenges of managing identities in modern digital environments. With the rise of cloud computing, mobile devices, and remote work, organizations must be able to manage identities across a range of platforms and applications while ensuring security and compliance.
Now, if we dissect deeper to understand what has changed in Modern IGA if we compare this with the Traditional IGA.
In Traditional IGA, data collection and publishing options are manual and human intervention was required to do these tasks. Sometimes this impacts the review cycles and later would impact scheduled policy enforcements. Again, it ended up with manual tasks to keep these activities running.
Traditional IGA had an extremely basic and almost 100% manually driven ARA (Access Request and Approval) system. When it came to application integrations, in most cases, it was turning into a custom development. Most of the Traditional IGA platforms lacked built-in risk management and SOD analysis suite. When it came to 3rd party vendor product integration via APIs, it was again a bleak feature.
These entire issues have been taken care of in the Modern IGA. Key features of Modern IGA solutions include:
Automated User Provisioning, Static and Dynamic Role-based Access Control, Event/Risk driven Access Certification or Microcertifications, Robust Password management or enabling end users to go password-less, huge list of OOTB (Out-of-the-box) templates to onboard application, Recommendation and Policy driven ARA mechanisms and UEBA driven Identity Analytics.
Additionally, Modern IGA also does a lot of heavy lifting around unstructured data governance and administration.
The Million-Dollar Question: Do We Really Need Modern IGA?
Well, if you have understood your organization and customer requirements, the categorization of your IAM needs, and the capabilities of Modern IGA, you should know the answer. The ball is in your court, and you are the best one equipped to make these decisions.
How Can OpenText Cybersecurity Help?
The NetIQ Product Portfolio is a part of OpenText Cybersecurity (formerly Micro Focus CyberRes). The NetIQ Identity Governance and Administration Solution is built on a common identity foundation.
On a very high level it is served by three different products from our NetIQ Portfolio:
- Identity Manager (Off Cloud/On-Cloud(Native))
- Identity Governance (On-Cloud(SaaS)/On-Cloud(Native)/Off-Cloud)
- Data Governance and lifecycle manager (File Reporter + File Dynamics) (Off Cloud/On-Cloud(Native))
It offers complete feature parity off-cloud/on-cloud. While designing the solution for customers, you could use these high-level components based your ease and comfort. We know that you know your customers better than anyone else. So, it’s your decision what you want to use and where you want to use. From product perspective, we assure you that we can deliver your simple-complex use case using these products, in any deployment mode (either complete off-cloud, hybrid mode, on complete on-cloud). Here is a glimpse of our NetIQ IGA solution.
We would love to interact, discuss, and consult you on any of your questions regarding your Modern IGA Journey for your organization or your customers. Share your thoughts on this blog. Log in or register to comment below
Join our IGA Community | IGA User Discussion Forum | Tips & Info | IGA Idea Exchange | NetIQ Product releases | NetIQ Unplugged YouTube channel