SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Myth-busting assumptions about identity governance - SailPoint
Wed, 20th Mar 2019
FYI, this story is more than a year old

As the years tick by, technology continues to advance, and the threats organisations have previously faced continue to change.

The target has changed for hackers and because of this, how organisations used to protect themselves are experiencing a change.

Where firewalls and physical perimeters used to be enough, organisations are struggling to find ways to protect the new area of interest for cybercriminals—their people.

And so, new methods of protection arose such as provisioning and access management.

However, amid all the change, many organisations were left confused about how to combat the threats facing them.

Enter identity governance.

The identity governance space has evolved and matured over the past 10 years, changing with the world around it.

But certain myths about the identity platform have persisted, and these misconceptions have, in some cases, been misleading organisations on how they should be protecting themselves.

Myth #1: Provisioning will be-all and end-all

While the provisioning solutions from 10 years ago were sufficient for monitoring the users in an organisations' system, they were not designed for detailed governance.

Identity governance helps to automate provisioning processes (as well as others) through a governance-based approach.

Today, this has become important in organisations to ensure their users have the right access for the right systems at the right time.

It also ensures enterprises have full visibility over their users, applications, and data at any point in time—which has become mission critical with the evolution of work.

Myth #2: Role management will solve everything

Not so long ago, it was assumed that role management would bring business context to identity management to simplify provisioning and compliance.

However, today it's recognised that there shouldn't be an emphasis on roles as a standalone solution.

Roles should be viewed as a means to end.

While they are a key component of an effective identity governance solution, roles are not the only requirement for strong enterprise security.

Myth #3: Identity governance doesn't work with or in the cloud

At one point, identity management solutions were delivered only on-premise, but with the rise of cloud applications, identity governance has had to evolve.

Not only can modern solutions govern access to cloud apps and data, but they can also be deployed entirely from the cloud.

In fact, all identity governance capabilities today can be cross-domain—this includes certification, password management, and more.

Myth #4: Organisations only need identity governance if they're subject to regulatory compliance

Government and regulatory bodies have increased the need for businesses to protect users through a new wave of compliance measures and regulations.

As a result, organisations are increasingly turning to preventative and detective controls to keep their data safe.

These controls protect all kinds of data from applications, stored on file shares, in the cloud, and even on mobile devices.

 Myth #5: Identity governance is IT's problem

Identity used to be another “IT problem.

But with applications and data increasingly being tied to a particular department, identity has transformed into a business issue.

Business managers are more frequently being tasked with defining and enforcing policies and controls to minimise access risk.

This, in turn, empowers business users to be more effective and secure with the data at their disposal.

The power of identity

In the face of disruptive change, organisations can expect governance to be complex—but the context and security it brings to organisations far outweighs this.

The power of identity goes beyond access.

In fact, identity goes beyond the network, and ties into both endpoint and data security.

Not only does it take information from every piece of an organisation's security infrastructure, but when done correctly, identity governance has the power to tie all this data together.

By adopting an identity governance strategy that encompasses the entire organisation, business leaders can properly secure and govern identities and their access, giving them the clarity they need.