When it comes to identity management and governance conversations, the focus often falls on security, risk reduction, and regulatory compliance. These are all great reasons to embark on an identity management program, but what is often overlooked when it comes to identity governance is how it can enable businesses to be better businesses and effectively transform themselves digitally.
During the annual customer panel at Navigate 2019, panelists this year made it clear how important identity governance is to building trust, business success, and digital transformation. “It starts with reassuring employees, contractors, business partners, and customers that we have a strong security program in place. And that starts with identity,” said Alfonso Mancuso, director identity and access management at LabCorp. “Having a solid identity and access management and governance program to project that we’re keeping data safe and protecting our digital assets is extremely important. I think it attracts customers, attracts employees, attracts contractors. It attracts people that want to do business with the company,” Mancuso said.
Grant Jacoby, senior vice president at Fifth Third Bank agreed, and added that identity is at the center of everything. “A lot of you out there, you’re going through this transformation to become more digital, such as moving to the cloud. But, what does that really mean? It means putting more products out faster so that you have more service points to your customers or businesses, and by virtue of that you can generate more revenue,” he said.
“Regardless of what product or features you’re putting out there, they must be bound to identity. So, in doing that, identity becomes the nucleus of any other transaction,” Jacoby added.
Ed Ferrara, chief information security officer at CSL Behring spoke to the speed of onboarding being critical to the speed of the business. “We now have an SLA of 24 hours or less for onboarding and off-boarding a traditional termination or new hire. That’s been achieved through a significant work of process engineering across the business,” Ferrara said. “It’s been very well received by everyone.”
John Masserini, chief information security officer at Millicom said they, too, are onboarding staff the day they are hired. “We’re undertaking a massive digital transformation, like almost everyone in the room,” said Masserini. An essential component to their transformation is having a solid understanding of their user base and consolidating that information in an accurate and usable way. “I have operations throughout most of Latin America and several in Africa, so by integrating them all in a central repository, we’re able to expedite the process, integrate with the HR platforms, and pull all of this together,” he said.
Identity management is also playing a crucial role when it comes to wrangling in complex cloud architectures, microservices, and software bots – and in these areas security plays a crucial role of balancing business value and risk.
“We started down a path of RPAs (robotic process automation), probably not dissimilar to a lot of other people,” said Christine Saxon, technology risk officer at SEI Investments. “We rushed in: Let’s just automate everything. And just by the nature of automating it we’re going to get a return on investment. We soon realized, like a lot of people, that that’s just not how it works,” Saxon said.
Saxon explained that the team took a small step back and re-evaluated. They focused on what could be done to deliver better business solutions, and not just automating existing ones.
“When you automate a process, in some cases, you introduce a tremendous amount of risk, and a potential for a compliance breach. We are making sure that we’re including regulatory compliance as part of that process, as well as getting business value and a return on investment.
“It’s amazing how we’re all here facing the same challenges. One of the things that we really are looking at is being able to provide business functionality. A way to roll out applications faster, more quickly than we ever had before. Security had typically been a roadblock to all of that, but now we are looking at automating all of that,” said Masserini.
The panelists all proved this year that, rather than being a persistent roadblock, good security and identity governance built into their environments can help to more efficiently and safely take the business to where it needs to go.