itb-au logo
Story image

Myth-busting assumptions about identity governance - SailPoint

20 Mar 2019

Article by SailPoint APAC vice president Terry Burgess

As the years tick by, technology continues to advance, and the threats organisations have previously faced continue to change.

The target has changed for hackers and because of this, how organisations used to protect themselves are experiencing a change.

Where firewalls and physical perimeters used to be enough, organisations are struggling to find ways to protect the new area of interest for cybercriminals—their people.

And so, new methods of protection arose such as provisioning and access management.

However, amid all the change, many organisations were left confused about how to combat the threats facing them.

Enter identity governance.

The identity governance space has evolved and matured over the past 10 years, changing with the world around it.

But certain myths about the identity platform have persisted, and these misconceptions have, in some cases, been misleading organisations on how they should be protecting themselves. 

Myth #1: Provisioning will be-all and end-all

While the provisioning solutions from 10 years ago were sufficient for monitoring the users in an organisations’ system, they were not designed for detailed governance.

Identity governance helps to automate provisioning processes (as well as others) through a governance-based approach.

Today, this has become important in organisations to ensure their users have the right access for the right systems at the right time.

It also ensures enterprises have full visibility over their users, applications, and data at any point in time—which has become mission critical with the evolution of work.

Myth #2: Role management will solve everything

Not so long ago, it was assumed that role management would bring business context to identity management to simplify provisioning and compliance.

However, today it’s recognised that there shouldn’t be an emphasis on roles as a standalone solution. 

Roles should be viewed as a means to end.

While they are a key component of an effective identity governance solution, roles are not the only requirement for strong enterprise security.

Myth #3: Identity governance doesn’t work with or in the cloud

At one point, identity management solutions were delivered only on-premise, but with the rise of cloud applications, identity governance has had to evolve.

Not only can modern solutions govern access to cloud apps and data, but they can also be deployed entirely from the cloud.

In fact, all identity governance capabilities today can be cross-domain—this includes certification, password management, and more. 

Myth #4: Organisations only need identity governance if they’re subject to regulatory compliance

Government and regulatory bodies have increased the need for businesses to protect users through a new wave of compliance measures and regulations.

As a result, organisations are increasingly turning to preventative and detective controls to keep their data safe.

These controls protect all kinds of data from applications, stored on file shares, in the cloud, and even on mobile devices.

 Myth #5: Identity governance is IT’s problem

Identity used to be another “IT problem.”

But with applications and data increasingly being tied to a particular department, identity has transformed into a business issue.

Business managers are more frequently being tasked with defining and enforcing policies and controls to minimise access risk.

This, in turn, empowers business users to be more effective and secure with the data at their disposal.

The power of identity

In the face of disruptive change, organisations can expect governance to be complex—but the context and security it brings to organisations far outweighs this.

The power of identity goes beyond access.

In fact, identity goes beyond the network, and ties into both endpoint and data security.

Not only does it take information from every piece of an organisation’s security infrastructure, but when done correctly, identity governance has the power to tie all this data together.

By adopting an identity governance strategy that encompasses the entire organisation, business leaders can properly secure and govern identities and their access, giving them the clarity they need.

Story image
Rapid shifts to the cloud may leave organisations at higher risk of cyber threats
While cloud migration isn’t simple, it can be enabled and improved using the right security tools.More
Story image
Frost & Sullivan breaks down biggest changes in the world of UIs
“UI technologies will be an important component in the shift from the office to a virtual workplace that is mobile and more flexible, while interactive interfaces have expanded the scope of businesses to engage with their customers and build deep relationships."More
Story image
RedEye Apps integrates with Microsoft to keep critical infrastructure running
RedEye chief technology officer Jenny Johnson says the Microsoft 365 integration will drive significant efficiencies across key industries for both national and international markets.More
Story image
Vault Cloud and Aruba partner to benefit Aus Government and critical industries
Vault Cloud has signed a partnership with Aruba, the HPE company, with the intention of bringing improved security solutions to government and critical industries.More
Story image
Fergus grows staff by 50%, bolsters C-suite after bumper growth year
Chris Stevens has been appointed as the chief technology and product officer and is tasked with supporting the company’s technical development and product roadmap. More
Story image
BlackRock and Snowflake enter partnership, look to serve investment management market
BlackRock and Snowflake have entered into a strategic partnership with the shared intention of delivering a next-generation solution for the investment management industry.More