Skip to Main Content

Uncovering A Decade Worth Of Myths About Identity Governance

A lot can happen in a decade. For the 80s it was the personal computer. In the 90s it was the World Wide Web. And not to mention the iPhone that burst onto the scene in the early 2000s.

As the years roll by, technological advancement continues to make huge strides for humankind, but it also changes the way we protect ourselves.

Through all the handoffs of cybersecurity to protect people in organizations –  from firewalls to access management to a solid identity governance program – many organizations are left confused on how to combat threats facing them and, unfortunately, more than a few myths have persisted. Hackers have become increasingly crafty in the past ten years, and now are targeting one of the most pivotal parts of an organization: its people. To protect, you must educate. Let’s debunk some of these myths that have persisted for the last decade.

Myth #1: Provisioning will solve everything under the sun for my governance problems

For years, many provisioning solutions did a decent job of adding and deleting users. Today, they are not nuanced enough for legitimate governance. Not only do they lack the broad application coverage required to meet compliance, but they also struggle to report “who has access to what” and continue to be too technical for business users.

Granting or removing access does not address the more significant issue of security. Identity governance helps with automating provisioning processes through a governance-based approach. This approach will allow enterprises full visibility over their users, applications, and data to be able to answer the three paramount questions:

  1. Who has access to what?
  2. Who should have access?
  3. What are they doing with that access?

Myth #2: Role management is the key to solving everything

Ten years ago, Oasis was still a band, and the identity industry believed that role management was the cure for what ailed us. While it is true that role management can provide business context to simplify identity management, it is a means to an end but not the key to solving everything identity-related. Roles can be employed as components of identity governance solutions, when and where they are useful, but they are not the only requirement for strong enterprise security.

Myth #3: Identity governance doesn’t work with or in the cloud

Back in the day, legacy provisioning and identity management solutions were delivered entirely from on-premises and only managed on-premises systems. Enter cloud applications, storage, and infrastructure. Not only has cloud become the preferred method of deployment for many enterprise identity programs, but identity governance has evolved to ensure on-premises and cloud applications and data found in cloud storage are all governed in a consistent and efficient manner. Moreover, with the rapid adoption of cloud infrastructures, such as Amazon AWS and Microsoft Azure, enterprise organizations are also leveraging their identity solution to secure and govern access; protecting where some of the most valuable information is stored.

Myth #4: You only need identity governance if you’re subject to regulatory compliance

When the Sarbanes-Oxley Act (SOX) was first enacted, identity governance initially emerged as a new category of identity management to improve transparency and manageability within specific industries (i.e., manufacturing) to meet compliance regulations. Every organization, regardless if you are subject to regulations, need to strengthen controls over access to sensitive data and applications.

To be secure, regardless of the ever-changing regulatory landscape, today’s organizations must put in place preventive and detective controls. These controls can protect all kinds of data – embedded in applications, stored on file shares and in the cloud, and even on mobile devices.

The Power of Identity

Some may believe that identity is just about governing access to specific applications or systems, but identity is far more than access. Identity goes beyond the network, and ties into both endpoint and data security. It takes information from every piece of an organization’s security infrastructure and ties it all together. Identity gives much-needed context to everything an employee, partner, supplier, contractor, etc. does to the entire enterprise infrastructure.

Identity is everything today.

By adopting an identity governance strategy that encompasses the entire organization, you can properly secure and govern your organization’s identities and their access. That’s the power of identity.

If you would like to learn more, check out the replay of our webinar recording: 5 Myths of Identity Governance.