Having a Plan for Identity Governance, and Executing It

By Andrew Silberman

November 19, 2021

All organizations, across industries and governments, face similar IT-related challenges. Whether you’re a large manufacturer that needs to support a global group of employees, contractors, and business partners (400,000+ identities globally) across a hybrid infrastructure, or a smaller firm wanting to manage and govern users across a predominantly Microsoft environment, the difficulties are eerily similar. First, complying with legislative or industry-specific regulatory requirements is increasingly time- and resource-intensive. Second, cybersecurity threats are diversifying and becoming more severe. And above all, these and other pressures need to be addressed with limited budgets, without disrupting critical business operations.

When done correctly, Identity Governance and Administration (IGA) solutions help organizations meet compliance requirements, enhance business efficiency, and increase security. However, without defined processes, getting value out of an IGA deployment can be a guessing game for security practitioners and administrators. Common IGA pitfalls include being overly ambitious and trying to get everything done at once, complex customizations, spending time chasing down data, and not getting stakeholders on board.

Omada IdentityPROCESS+ is a comprehensive best-practice process framework that describes, with guiding principles, the most important processes needed to ensure a successful IGA deployment. Omada IdentityPROJECT+ was developed to help organizations implement Omada, based on the framework outlined in IdentityPROCESS+.

Pitfalls of Not Having a Plan 

IGA projects can be incredibly complex, and success is not guaranteed. IGA solutions span multiple constituencies, including employees, contractors, business partners, and even the identities of machines, adding to the complexity. IGA success depends not only on selecting the right technical solutions, but also on setting the stage for successful IGA lifecycle management.

Within IdentityPROCESS+, there are detailed guidelines and frameworks for how to implement various processes to help ensure organizations are in accordance with best practices. The processes help document who has access to what, along with a justification as to why they have that access. Users can also be easily onboarded with the correct access rights, and access can be easily terminated when it is no longer needed. IdentityPROCESS+, as an example, helps lay out a framework for how to suspend access for someone out on parental leave, or for when a third-party contractor is hired as a full-timer. Further, when employees or contractors change roles, their access rights are seamlessly changed, while administrators manage user identities more efficiently through improved workflows and automation. Finally, it allows ad hoc and/or periodic audit reviews and analysis to ensure that users have the right access to the appropriate systems to perform their jobs.

After the framework and guidelines are established, putting together a plan for execution is next. This is where IdentityPROJECT+ comes in. 

Identity Governance is an Ongoing Journey 

The large number and variety of processes can initially make it difficult for organizations to know where to start – even if they have an earlier generation of an identity and access management (IAM) solution already installed. Within IdentityPROJECT+, a recommended approach is to arrive at a starting point from which each organization can quickly get up and running to demonstrate value to the business. It should be remembered that an IGA implementation does not have a single right way of doing things – there are many different paths that organizations can take depending on whether their key goals are security, compliance, or efficiency driven. Regardless of which path is taken, organizations find that IGA implementations are an ongoing journey, because the business they are supporting is constantly changing due to new users being employed, new applications being introduced, mergers and acquisitions, and many other business changes requiring continuous support.

Best Practices and Recommendations 

While Omada IdentityPROCESS+ provides a framework that can act as the basis for implementing strong identity governance, here are some examples of how to leverage IdentityPROJECT+ to get quick results.

  • Focus on goals. Determining what is most valuable and important from a business perspective creates clarity. From the outset of the project, it is imperative to set clear, measurable goals and to balance compliance, risk, efficiency, and cost. An unbalanced focus on these parameters may lead to a lack of alignment between stakeholders and to undesirable outcomes lacking transparency or benefits. With the business priorities clearly defined, IdentityPROJECT+ will lead to an optimally balanced governance program.
  • Short iterative steps. Within IdentityPROJECT+, it is critical to establish quick wins that always follow a three-phased sequence: EXPLORE – BUILD – OPERATE. This phased approach supports the seamless integration of upcoming changes as well as permanent value delivery.
  • Use a Minimal Viable Product (MVP) approach. Deliver iterations lasting 2-4 months, constantly evaluating progress and tracking against the goals defined in #2.

Having a plan for Identity Governance is important to reduce complexity, time-to-value, and risk, and to improve the likelihood of success.

For more on Omada IdentityPROCESS+ and IdentityPROJECT+, read here. 
