Identity Governance and Administration (IGA) has become a cornerstone of solid IT security, allowing organizations to implement processes for controlling, managing, and auditing access to data.
Over the past 20 years, Omada has built up a body of knowledge from a significant number of IGA deployments in some of the world’s most modern, complex, and largest organizations. This expertise has been formalized into the unique IdentityPROCESS+ best practices process framework, which sets out the process areas needed to design and implement a successful identity management and access governance solution.
A key part of keeping organizations secure and efficient is to ensure that all identities have only the proper access that they need to perform their tasks. Identity lifecycle management is the process to ensure that identity access is properly created, changed, and disabled when identities join the organization, move departments, get promoted, and leave. Identity lifecycle management processes enable the granting of access rights according to defined roles, rules and policies to ensure employees have the right access levels at any given point in time.
Over time, identities may need to extend access rights to a system, application, or data set because they have been assigned to a new department or region, or because they get promoted and require additional access within applications they already use. Similarly, new applications may be introduced in order to further spur productivity. Access Management ensures that in these types of cases, all identities have seamless or automated workflows to request this additional access securely, and that these requests are streamlined to ensure expedient and accurate review.
Identity Governance solutions are implemented with the goal of managing and enabling all identities associated with the organization. For some organizations, this may be in the thousands, tens of thousands, or more. If all these identities are handled individually, security and risk management teams would run out of time in the day, and end up with a very complex web of access and entitlement assignments. Granting access can be significantly simplified by grouping identities together based on what they do, where they work, or based on other criteria like aligning with the business.
When an organization suspects that an identity has been compromised, it is important to act quickly to limit any damage. If the company has not automated its identity security breach process, the IT department may end up spending valuable time searching for a needle in a haystack. To address this, the identity security breach management processes enable administrators to suspend all accounts associated with an identity suspected of being breached and allow them to reactivate the access once the situation has been rectified.
For many organizations, it is complicated to document and have proof of who has access to what and why. One possible way to do this is to ask managers to verify their direct reports’ access. However, while this is a sensible approach, managers may end up “rubber-stamping” access approvals simply because the list can be overwhelming, resulting in too much access being granted. Conversely, they may end up declining access as a result of over-correcting. Governance enables organizations to ensure that users are granted neither too much nor too little access.
As new business applications are introduced into an organization, it is important to connect them with the IGA solution so that identities can be provisioned access automatically, and access rights are holistically and centrally managed. Administration processes provide all the workflows to allow an organization to effectively onboard new business systems. In addition, the setting up of password reset management and password policies is handled by the administration policies to ensure passwords are secure but accessible to authorized users.
Effective audit processes provide reporting capabilities along with operational and management dashboards for identity management and access governance scenarios. This gives auditors the ability to understand the controls that are in place, with justifications. Auditing processes deliver an automated overview of access rights based on identity intelligence across business-critical systems and applications. Identity and access data is envaulted and compared against policies, and any inappropriate access or segregation of duties (SoD) violations will automatically be identified to enable remediation actions to be performed.