Identity Governance in the Time of Coronavirus: Part 1
In a recent article by Solutions Review, Prediction: The Coronavirus Alters Discourse on Identity Governance and Administration, it discussed how the era of social distancing may increase awareness and deployment of identity governance solutions. As you’ll see, many of the problems that organizations encounter with managing the identities of remote workers mimic the issues IGA solutions solve.
For many enterprises, the awareness and benefits of identity governance were already known. For others, this crisis shines a light into the areas within their organization that are lacking. At SailPoint, we’ve been working hard to stay one step ahead, anticipating how identity can serve enterprises during normal and not-so-normal times.
To level-set, let’s first consider what identity governance is designed to do. In short, it enables organizations to ensure every worker or user has the right access to the right resources for the right reasons and at the right time. Pretty straight forward – yes?
The overall benefit is that it enables your teams to be free to do their jobs while your IT and security teams can be sure that the proper guardrails are in place to limit their access to what they really need.
Today we will explore some of the ways that identity governance has risen to the occasion to help companies through this unique and challenging time in the areas of onboarding, management of contingent workers and automating access decisions:
Rapid On-Boarding and Lifecycle Management:
Coronavirus has pushed most companies to adopt a work from home model. To enable this new – and much larger – remote and contingent workforce, IT teams need to securely utilize enterprise mobility tools and services while addressing increased demand for cloud applications and collaboration services across the globe. Given our current climate, organizations need to work quickly without sacrificing security. This means being able to provision them with new or different access to the applications and data required to do their job, wherever they may be. When you consider having to do this for thousands of workers – all with different locations, devices, and job functions, this can be a very daunting task.
A critical part of the onboarding process is not only about day 1 access. That, of course, is very important, but what happens on day two and beyond or managing the full lifecycle of the user? Lifecycle management involves streamlining and fortifying onboarding, offboarding, and intra-enterprise role changes.” This is also known in the industry as “Joiner, Mover, Leaver” or “JML” if you’re an acronym lover. It continues to state, “Onboarding and offboarding often involve assigning (or removing) privileges quickly as befits their new role in the organization. Failing to do so properly can cause problems in getting workers started promptly (onboarding) or leave a security risk via orphaned accounts (offboarding).”
During this time, many organizations moved quickly to simply ‘provide whatever access they [workers] needed.’ As a result, what remains to be quantified is the number of users who now have too many permissions. When it comes to access, less is more – and by ‘more’ I mean ‘more secure.’ These over-provisioned workers are prime targets waiting to be compromised via phishing emails and malware. Once compromised, whatever they have access to, the cybercriminals do as well.
One sizeable financial organization told us about the following recent experience – “We tripled our user accounts and provisioning over the past few weeks, and SailPoint worked beautifully! During this time, we had to respond quickly to the unusually high systems integration, and SailPoint handled 3x’s (our) normal workload! This was touted up to the exec level, and everyone is grateful that this is one less thing we have to worry about during the pandemic.”
Management of Contingent Workers:
Another trend we’re seeing among customers are those who need to temporarily onboard non-traditional workers rapidly – this includes contractors, new vendors, and suppliers. There are many examples of healthcare organizations that only had days to bring on hundreds of doctors and nurses, giving them access to medical systems and patient information so that proper care could be delivered. Manufacturing organizations are having to adjust teams for changing production lines while retail distribution centers are having to adapt to their consumer’s needs, driving the demand to onboard thousands of contingent workers as quickly and securely as possible. The question is: when these temporary workers are no longer needed, will these organizations be able to immediately remove all access and prove it with proper audit trails/documentation? Be sure this will come up during your compliance audit!
The good news is that there are organizations that were prepared because they’ve embraced identity as part of their way of doing business. Rather than scurrying around and just freely handing out access, they were able to make the pivot by updating policies and roles and pushing out new or updated access from a centralized identity platform.
Make informed identity decisions through AI & ML:
By moving to the cloud and adopting all of these new technologies so quickly and in such a distributed manner, managing user access can get much harder. Manual processes are limiting and error-prone. Your IT and personnel resources have never been more at a premium. By providing an automated workflow approval process along with AI-driven recommendations, your approvers will know if it’s safe to grant access or not. And it prevents what we call “rubber-stamping” or just the quick approval process. Using AI-driven recommendations helps business managers know if it is safe to approve access or not. Not only will your IT helpdesk appreciate less repetitive calls, but you’ll save BIG. And since every single access activity is recorded so you can be confident that even amongst the most trying of times, that your compliance efforts are still being maintained and you’ll have what you need to appease your auditors.
By incorporating the benefits of SailPoint Predictive Identity, ™ organizations gain the ability to move faster, be more agile, and better address the needs of its employees, partners, and customers securely and efficiently. The bottom line, SailPoint Predictive Identity conquers your chaos and puts you back in control.
Be sure to catch the 2nd part in this blog series, where I discuss how organizations can improve efficiency through self-service and improving security and streamlining compliance.