Reliable tools that help IAM Architects, Engineers, and Administrators secure all types of identities and their respective access rights are critical today. With more tools than ever at everyone’s fingertips, solutions that simplify problems and do not require loads of bespoke configuration make life easier for those responsible for administering IAM programs and for those who have to interact with the tools in their day-to-day lives.
A critical tool that can dramatically help reduce the attack surface, enable business operations, and meet compliance requirements is Identity Governance and Administration (IGA). IGA solutions, when deployed and scaled properly, can help organizations enable their business users, facilitate digital transformations by maintaining order in cloud and SaaS systems, and improve security by continually governing who has access to what, and why. However, IGA has many common pitfalls that, without the proper technology and guidance, can lead to more problems than solutions.
The Need for IGA
Nick B., a solution architect IAM [Identity and Access Management] at Enexis Groep, an energy/utilities company with more than 1,000 employees, found himself requiring an IGA solution as his environment grew more complex. The company had gone from having SAP and two cloud tools to more than 50 cloud tools, which speaks to the explosion in the number of business applications needed to enable business users. As he put it in his review of Omada Identity on IT Central Station, “The whole playing field has changed dramatically.” Before Omada, their IGA tool was, as Nick described it, “an old-fashioned, highly customized tool.” His team had trouble achieving their objective of enabling business users to manage identity on a self-service basis, a difficulty that is only exacerbated as new tools get introduced en masse.
IGA. As a Service
Nick’s team decided to implement Omada Identity Cloud, Omada’s SaaS offering, in 2018. “We had a new policy that was more cloud-native,” he said, adding, “and if we did not have Omada we wouldn’t have been able to facilitate that. Omada facilitated our company’s move to the cloud.” Self-service is now possible, with Nick observing, “With Omada, it’s a lot easier to give responsibility to the business instead of IT, and that’s one of the big changes that it has made.”
Nick mentioned that “The landscape is much more complex than it used to be. We had one data center, now we have multiple clouds and we have a lot more tools in the cloud. Everything is at least in the public cloud. The landscape has changed a lot and things have become much more difficult. If we didn’t change to Omada, the help desk cost would be a lot higher.” SaaS-based solutions are critical for agility and for meeting the demands of other SaaS applications and systems within the stack.
Omada also provides flexible upgrade windows, which will ensure that, as Nick put it, “We will probably be able to handle whatever the business may come up with in the coming years.” The solution’s flexibility leaves room for adaptability, empowerment, and expansion. It provides welcome efficiency through the scalability of approval workflows and self-service access request features. Nick can control one critical system and later train users to prepare for growth. This matters because, as Nick said, “When moving to the cloud, you need to have a faster time to market. Identity is the new security parameter and the core security parameter. You need to have people at your company who know what they are doing.”
Omada offers Enexis Groep a highly available service that delivers 99.9% uptime to users. Omada also delivers continuous systems performance monitoring and enhancement, moving granular responsibility from IT to other departments. The SaaS offering streamlines workflows with health checks, continuous reporting, and logging.
No Code Needed to Fit Business Requirements
Omada’s no-code approach is made possible by automation. For example, Omada can automatically detect violations and deliver those analytics-driven insights to Nick and his team to help them decide on permissions and whether access should be allowed or removed. He says, “You can easily configure almost anything you want without using custom code.” The solution provides a complete view of the access compliance status across all systems. Nick further commented on the no-code, template-based approach made possible by Omada, saying, “The thing that I find most valuable is that Omada consists of building blocks.” Then, with a process framework, it’s easy to “provision accounts and authorizations to target systems.”
Omada’s out-of-the-box workflows can easily be customized to Enexis Groep’s bespoke business requirements. Nick explained, “We can do more with Omada than the business could have imagined, especially in the area of security.” The IGaaS solution allows Nick to implement segregation of duties, for example, which is an important countermeasure and control for compliance. He said, “There is a lot of functionality for the segregation of duties. We can make things safer. The hire-to-retire process is also implemented pretty well. With Omada, we can deliver the functionality that the business requires at the moment.”
Maintaining Audit and Meeting Compliance
Nick is able to keep up with all IGA activities, which are continuously logged. His users are prompted automatically to update and add additional information and explanations, such as the reasons management would want to grant certain access rights to an identity. This gives him historic and current-state audit reports, generated on demand. The solution gives Nick an effective toolbox for his audit trail and log processes. “I don’t know how many audit findings in total we have been subject to, but Omada reduced that number,” he said. “I am aware of at least one big finding that Omada helped resolve.”
To learn more about what IT Central Station members think about IGA solutions, visit this page.