Across the globe, technology continues to evolve the face and shape of every organization. This evolution has swept organizations all over the world—big and small—and it’s referred to as a digital transformation. It may sound like the buzzword du jour, but the digital transformation has been and continues to be a challenge for enterprises, particularly when it comes to governing the access that employees need to the slew of new technologies hitting the workforce today.
With new technology infusing itself into the daily workflow to speed productivity and drive innovation (think cloud file storage sharing applications, as one example), identity governance plays a powerful role within an organizations’ overall IT and security strategy. It is important to understand where identity can help, and a lot of that has to do with dispelling common myths that continue to swirl around what identity is and what it is not. We covered the first of these myths in the first installment of this blog post, and today, we’ll dig into the remaining myths.
Myth #5: Not my problem! Identity governance is an IT issue
Eons ago, it was common for IT to be solely responsible for identity governance. Business application owners were not held accountable for compliance with internal controls, even though they understood how the systems were being used and which employees needed access to applications and data. As a result, IT shouldered responsibility for a set of risks that were actually business risks. Here’s what we know now: the business side of the house must assume some, if not all, ownership for identity governance and team with IT to ensure it is appropriately included in the organization’s overall identity program.
Myth #6: Identity governance and security are separate
Identity governance and security are cut from the same cloth. According to an April 2018 Ponemon report, when it comes to data breaches, in most cases, it is the careless employee or contractor that is the root cause.
Enterprises have employees, but also contractors, suppliers, partners, and even software bots who require access to corporate data to collaborate or perform their job. Those users need to access more and more systems, applications and data than ever before, and many of them are interconnected. Identity enables organizations to know who has access to what, who should have access and also define how that access can be used. By having a 360-degree view of everyone’s access to every application, system, and file store organizations can further secure and prevent those pesky data breaches that are the bane of every organization’s existence.
Myth #7: Identity governance is designed for large companies only
Enterprise organizations of all sizes need identity governance. The idea that identity governance is only intended for very large enterprises may have been right ten years ago, but today, organizations of all sizes experience fundamentally the same challenges, no matter their size.
If you peer into today’s organization, identity is consumed and leveraged across a broad spectrum of organizations’ that range in size and industry focus. Identity is a crucial component to ensuring access to data—no matter where it resides—is well protected. However, identity is not only used for security reasons. With the growing wave of data privacy laws, notably GDPR, these organizations, big or small, are now all subject to one or more compliance regulation that requires them to implement and enforce access policies and also have a way to document and prove compliance.
Myth #8: Access management and single sign-on will solve my identity needs
Organizations are utilizing access management to balance ease of use and authenticated access to a variety of cloud and on-premises applications from anywhere, on any device. While this enables users with the convenience needed today for 24/7 access, organizations must consider the bigger picture and take a more strategic approach to manage their identities.
To establish a truly secure environment, organizations must address identity governance to control and govern each user’s access after the single sign-on. By integrating identity governance with an existing access management solution, organizations can automate the governance controls needed to mitigate the risk of a security breach and enforce compliance policies, while managing the demands of today’s modern workforce.
Myth #9: It’s too difficult to show the return identity governance provides
Finally, the last myth is about driving a quick return on your investment when it comes to identity governance. The fact is identity governance is key to implementing policy-driven automation which can result in big cost and time savings.
According to Forrester, users forget their passwords about five times a year. If those users are required to call a help desk for manual assistance, this not only slows down user productivity but also incurs costs that stack up quick — a 15-minute help desk call to manually reset a password on average costs companies $30 a call. Depending on your organization size, you can probably do the math pretty quickly and estimate an initial return. Other examples include streamlining employee Day 1 on-boarding as well as optimizing access review and certification efforts from months to weeks.
The Power of Identity
Today’s business world moves quickly, entails more types of applications and data, involves more types of users whose access needs close governance, and is exponentially more complicated for IT to enable than ever before. What once used to be straightforward has become a giant, inter-connected ecosystem teeming with thousands of applications and data, people and devices, all creating a web of access points and connections.
Through all this buzzing activity, digital transformation can bring on potential challenges, but it is safe to say that identity governance can bring peace of mind to help ensure organizations stay secure and compliant in the most efficient way possible. When done right, and by debunking a few myths, identity can become a business enabler that opens the door for new opportunities to innovate and operate with greater agility.
This blog post is a two-part series based on Senior Director of Product Marketing Jacqueline Brinkerhoff’s webinar on “Debunking Common Misconceptions of Identity.” This is the second installment of the series. Go here to read the first installment: Uncovering A Decade Worth of Myths About Identity Governance