Identity Management Programs: The Greatest Thing Since Sliced Bread

Without a doubt, the world has changed in the past month. While I haven’t left the house since March 13 (and counting), I’ve enjoyed yoga classes, concerts and happy hours with friends (via teleconferencing), and an upcoming dermatology appointment has been converted from an in-person appointment to a telehealth appointment. When I can get flour, I’ve been baking up a storm. Not only is it therapeutic, but the final product is rewarding and delicious.

People have been making bread since 8000 BC and it is a pretty straightforward process that can lead to amazing results or a lot of swearing. Identity Governance is much like making bread, in that there are precise steps and being creative might not yield the results that you expected. In fact, you can get a soggy mess or something that looks picture perfect but is less than edible. Not only are you frustrated with the results, but you have wasted money, resources, and time. In the end, you have nothing to show for your efforts.

I think that Julia Child said it best: “How can a nation be great if its bread tastes like Kleenex?” When I bake bread, I follow a trusted recipe. The need for a strong identity program persists more than ever during a pandemic and when providing access to remote employees or contingent workers, it is essential to follow a trusted recipe.

Below are some steps for a sound identity program, or a recipe if you will.


Measure how much provisioning you will need based on your environment.

Some organizations will need to onboard people more rapidly. For example: at hospitals, there are high numbers of clinical staff turnover which means existing daily or twice daily HR aggregation processes may not be frequent enough. You may need to revisit this based on your organization’s needs. Incoming folks need access more quickly, and if contingent workers are being introduced, removing access when they leave is important too.

Having a decentralized workforce assumes some risk so having controls in place to monitor is important. Knowing who has access to what is always important, but even more so when people are working from locations they may have never worked from before. Think of this like modifying your recipe for high altitude baking. You will need to increase or decrease certain aspects of the recipe to yield the right outcome. For example: Are you automating the right amount of access for people to work remotely? Are you able to see what those people are accessing? And most importantly, are you able to ensure that you are not over-provisioning your people with access that is not essential – potentially leaving your organization open risk?


Governance is to identity what yeast is to bread. Without it, it’s flat

In bread making, I always like to remind folks to check your yeast. Expired yeast means you will not get the baking results you want. The same rules apply for identity, you should check your identity program frequently. If you haven’t implemented a certification process now may be the time to do so.  After the dust settles, it will be imperative that access for every worker is reconciled to ensure you are maintaining a ‘least privilege’ model. This means reviewing access for every worker and removing any excess access that is no longer relevant due to their new work situation or job function.

While we don’t know what the future holds and what the world will look like after this pandemic, having a strong identity program remains crucial. A strong identity program can help provide access in a timely fashion, which reduces IT helpdesk calls and triage IT resources to more critical needs. In addition, having a complete cross-organizational view of all user access helps ensure access is always appropriate, secure, and compliant with policy-based access. Continuously evaluating your identity program means that you can react more quickly in times that are rapidly changing.

Read our use case on how SailPoint is keeping healthcare organizations safe in a time of chaos.


Discussion